Description
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Cerberus Security Team · textremotewindows
https://www.exploit-db.com/exploits/19957
References (2)
Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/1245
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Scores
EPSS
0.0362
EPSS Percentile
87.9%
Details
Status
published
Products (1)
pacific_software/carello
1.2.1
Published
May 24, 2000
Tracked Since
Feb 18, 2026