CVE-2004-0242

X-Cart 3.4.3 - Information Disclosure via Mode Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0242. PoCs published by Philip.

AI-analyzed exploit summary The exploit demonstrates a directory traversal vulnerability in X-Cart's 'auth.php' script, allowing remote attackers to read arbitrary files on the server. Additionally, it mentions an information disclosure issue in 'general.php' that leaks PHP and Perl version details.

Description

X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Philip · textwebappsphp
https://www.exploit-db.com/exploits/23639

The exploit demonstrates a directory traversal vulnerability in X-Cart's 'auth.php' script, allowing remote attackers to read arbitrary files on the server. Additionally, it mentions an information disclosure issue in 'general.php' that leaks PHP and Perl version details.

Classification
Working Poc 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: X-Cart (version not specified)
No auth needed
Prerequisites: Access to the target server's web interface
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15036
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9563
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107582648326448&w=2

Scores

EPSS 0.0693
EPSS Percentile 93.3%

Details

Status published
Products (7)
qualiteam/x-cart 3.2.0
qualiteam/x-cart 3.2.1
qualiteam/x-cart 3.3.0
qualiteam/x-cart 3.3.2
qualiteam/x-cart 3.4.0
qualiteam/x-cart 3.4.3
qualiteam/x-cart 3.4.11
Published Nov 23, 2004
Tracked Since Feb 18, 2026