Insufficient Access Control in ClickCartPro 4.0 Allows Remote User Credential Theft

Insufficient Access Control in ClickCartPro 4.0 Allows Remote User Credential Theft

CVE-2002-2310 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

ClickCartPro 4.0 stores the admin_user.db data file under the web document root with insufficient access control on servers other than Apache, which allows remote attackers to obtain usernames and passwords.

Learn more about our Cis Benchmark Audit For Apache Http Server.