Intrusion Prevention

Cart32.cart32clientlist.Access

Description

It indicates an information disclosure vulnerability in Cart32 program.


Cart32 is a Shopping Cart system software designed for Windows environment. There exists a vulnerability in cart32.exe that allows attackers to obtain vital client information such as username, password, credit card numbers, and other crucial details on a target system via specially-crafted URLs.

Affected Products

Any McMurtrey/Whitaker & Associates Cart32 2.6 or 3.0 is vulnerable to the attack.

Impact

Attackers can gain sensitive information about system users.

Recommended Actions

If a FortiGate with FortiOS 2.80 or above is used, select Drop Session as the default action for this signature.


Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.


CVE References

CVE-2000-0429