VYPR

Midicart PHP Maxi

by Midicart Software

CVEs (3)

  • CVE-2002-1798CriDec 31, 2002
    risk 0.63cvss 9.1epss 0.05

    MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

  • CVE-2002-1432Apr 11, 2003
    risk 0.04cvss epss 0.08

    MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.

  • CVE-2006-6463Dec 11, 2006
    risk 0.00cvss epss 0.01

    Unrestricted file upload vulnerability in admin/add.php in Midicart allows remote authenticated users to upload arbitrary .php files, and possibly other files, to the images/ directory under the web root.