CVE-2001-0821

DCShop 1.002 beta - Info Disclosure

Title source: llm
STIX 2.1

Description

The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Peter Helms · textremotecgi
https://www.exploit-db.com/exploits/20939
exploitdb WRITEUP VERIFIED
by Peter Helms · textremotecgi
https://www.exploit-db.com/exploits/20938

References (4)

Core 4
Core References
Patch, Vendor Advisory x_refsource_confirm
http://www.dcscripts.com/dcforum/dcshop/44.html
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2889
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6707
Vendor Advisory mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2001-06/0233.html

Scores

EPSS 0.1173
EPSS Percentile 93.8%

Details

Status published
Products (1)
dcscripts/dcshop 1.002_beta
Published Dec 06, 2001
Tracked Since Feb 18, 2026