CVE-2002-1798

CRITICAL

MidiCart PHP Unauthenticated Arbitrary File Upload and Information Disclosure

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2002-1798. PoCs published by frog.

AI-analyzed exploit summary: This is a writeup describing an information disclosure vulnerability in Midicart PHP's default installation, where sensitive files in the 'admin' folder are accessible without proper access controls. The example URL provided demonstrates unauthorized access to credit card information.

Description

MidiCart PHP, PHP Plus, and PHP Maxi allow remote attackers to (1) upload arbitrary PHP files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

Exploits (2)

exploitdb WRITEUP VERIFIED
by frog · text · webapps · php
https://www.exploit-db.com/exploits/21894

This is a writeup describing an information disclosure vulnerability in Midicart PHP's default installation, where sensitive files in the 'admin' folder are accessible without proper access controls. The example URL provided demonstrates unauthorized access to credit card information.

Classification: Writeup 90%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Midicart PHP (default installation)
No auth needed
Prerequisites: Midicart PHP installed with default configuration
devstral-2 · analyzed Feb 16, 2026

exploitdb WRITEUP VERIFIED
by frog · text · webapps · php
https://www.exploit-db.com/exploits/21896

This is a writeup describing an information disclosure vulnerability in Midicart PHP due to insufficient access control on the 'admin' folder, allowing remote attackers to upload arbitrary files via 'upload.php'.

Classification: Writeup 80%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Midicart PHP (default installation)
No auth needed
Prerequisites: Default installation of Midicart PHP · Access to the 'admin/upload.php' endpoint
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5855
Broken Link, Exploit mailing-list x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/10306.php
Broken Link, Exploit, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/5851

Scores

CVSS v3 9.1
EPSS 0.0456
EPSS Percentile 90.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Details

CWE CWE-425
Status published
Products (3)
midicart/midicart_php
midicart/midicart_php_maxi
midicart/midicart_php_plus
Published Dec 31, 2002
Tracked Since Feb 18, 2026