CVE-2002-1432

MidiCart - Unauthenticated Sensitive Information Exposure via Database File Request


Exploitation Summary

EIP tracks 1 public exploit for CVE-2002-1432. PoCs published by Dimitri Sekhniashvili.

AI-analyzed exploit summary: This is a writeup describing an information disclosure vulnerability in Midicart ASP due to insufficient access control on the midicart.mdb file. The vulnerability allows remote attackers to access sensitive customer information, including credit card details, by directly requesting the database file.

Description

MidiCart stores the midicart.mdb database file under the Web document root, which allows remote attackers to steal sensitive information by directly requesting the database.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Dimitri Sekhniashvili · text · webapps · asp
https://www.exploit-db.com/exploits/21702

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Midicart ASP (default installation)
No auth needed
Prerequisites: Network access to the target web server · Knowledge of the shopping directory path
mistral-large-3 · analyzed Feb 16, 2026

References (3)

Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5438
Patch, Vendor Advisory vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/9816.php
Exploit, Patch mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.html

Scores

EPSS 0.0777
EPSS Percentile 93.9%

Details

CWE: CWE-200
Status: published
Products (7)
coxco_support/a-cart 2.0
coxco_support/metacart 2.sql
coxco_support/midicart_asp
coxco_support/midicart_asp_maxi
coxco_support/midicart_asp_plus
coxco_support/salescart-pro
coxco_support/salescart-std
Published Apr 11, 2003
Tracked Since Feb 18, 2026