Steven M. Christey
coley at linus.mitre.org
Thu Jun 8 15:01:54 EDT 2006
On Thu, 8 Jun 2006, Stuart Moore wrote:

> Hi. The recently reported "new bug" in a.shopKart 2.0 [assigned
> CVE-2006-2823] is actually an old bug reported by CyberTalon back in
> March 2004:
>
> It appears that there is no 2004-year CVE number assigned.
> Should the new CVE number be applied to the old report?

Yes. Aesthetically it should have come out with a 2004 number, but we
missed that this was a rediscovery.

Thanks for pointing this out! Updated CVE-2006-2823 below.

Reference: BUGTRAQ:20060602 new bug

Katrien De Graeve a.shopKart 2.0 (aka ashopKart20) stores sensitive
information under the web root with insufficient access control, which
allows remote attackers to download a database via a direct request
for (1) admin/scart.mdb and possibly (2) admin/scart97.mdb.