CVE-2000-0429

Cart32 3.0 and earlier - Remote Code Execution via Backdoor Password

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-0429. PoCs published by Cerberus Security Team.

AI-analyzed exploit summary This is a writeup describing an information leakage and authentication bypass vulnerability in cart32.exe and c32web.exe. It details how arbitrary passwords can be used to access client information and how the administrative password can be changed without prior knowledge.

Description

A backdoor password in Cart32 3.0 and earlier allows remote attackers to execute arbitrary commands.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Cerberus Security Team · textremotewindows

https://www.exploit-db.com/exploits/19881

View Code ZIP pw:eip

This is a writeup describing an information leakage and authentication bypass vulnerability in cart32.exe and c32web.exe. It details how arbitrary passwords can be used to access client information and how the administrative password can be changed without prior knowledge.

Classification

Writeup 90%

Attack Type

Info Leak | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: cart32.exe and c32web.exe (versions not specified)

No auth needed

Prerequisites: Network access to the target server · Knowledge of the target URLs

MITRE ATT&CK

T1552 - Unsecured Credentials T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Various Sources x_refsource_confirm

http://www.cart32.com/kbshow.asp?article=c048

Mailing List mailing-list x_refsource_bugtraq

http://marc.info/?l=bugtraq&m=95686068203138&w=2

Scores

EPSS 0.0324

EPSS Percentile 86.7%

Details

Status published

Products (2)

mcmurtrey_whitaker_and_associates/cart32 2.6

mcmurtrey_whitaker_and_associates/cart32 3.0

Published Apr 27, 2000

Tracked Since Feb 18, 2026