CVE-2004-2172

HIGH

EarlyImpact ProductCart - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-2172. PoCs published by Nick Gudov.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in EarlyImpact ProductCart, including SQL injection, XSS, and cryptographic weaknesses. It outlines a specific attack vector involving user registration with malformed input fields.

Description

EarlyImpact ProductCart uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via a chosen plaintext attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Nick Gudov · textwebappsasp

https://www.exploit-db.com/exploits/23702

View Code ZIP pw:eip

The provided text describes multiple vulnerabilities in EarlyImpact ProductCart, including SQL injection, XSS, and cryptographic weaknesses. It outlines a specific attack vector involving user registration with malformed input fields.

Classification

Writeup 80%

Attack Type

Sqli | Xss | Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: EarlyImpact ProductCart

No auth needed

Prerequisites: Access to the registration form of the target application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (10)

Core 10

Core References

Broken Link, Third Party Advisory, VDB Entry, Vendor Advisory mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/354288

Broken Link, Patch, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/9669

Exploit, Third Party Advisory x_refsource_confirm

http://www.earlyimpact.com/productcart/support/updates/ReadMe_ProductCart_Security_Patch_013004.txt

Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack

http://securitytracker.com/alerts/2004/Feb/1009085.html

Broken Link, Vendor Advisory mailing-list x_refsource_fulldisc

http://archives.neohapsis.com/archives/fulldisclosure/2004-02/0871.html

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/15231

Broken Link, Patch, Vendor Advisory x_refsource_misc

http://www.s-quadra.com/advisories/Adv-20040216.txt

Broken Link vdb-entry x_refsource_osvdb

http://www.osvdb.org/3979

Broken Link, Patch, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2004-02/0503.html

Broken Link third-party-advisory x_refsource_secunia

http://secunia.com/advisories/10898

Scores

CVSS v3 7.5

EPSS 0.0677

EPSS Percentile 93.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-326

Status published

Products (1)

netsourcecommerce/productcart < 2.53

Published Dec 31, 2004

Tracked Since Feb 18, 2026