Summary
The host is running Zen-cart and is prone to a database backup disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to obtain sensitive database information by downloading the database backup.
Impact Level: Application
Solution
No solution is available as of 27th December, 2013. Information regarding this issue will be updated once the solution details are available. For more information, refer to http://www.zen-cart.com
Insight
The flaw is due to an unspecified error that allows unauthenticated access to the database backup.
Affected
Zen-cart version 1.5.1 and probably prior
Detection
Send crafted data via an HTTP GET request and check whether the host is vulnerable.
References
Updated on 2017-03-28
Severity
Classification
- CVSS Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Related Vulnerabilities
- Adobe ColdFusion Multiple Path Disclosure Vulnerabilities
- AeroMail Cross Site Request Forgery, HTML Injection and Cross Site Scripting Vulnerabilities
- 1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Struts2 'XWork' Information Disclosure Vulnerability