| VID |
21135 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The '/quikstore.cfg' file is exposed.
I-Soft's QuikStore shopping cart system could potentially be misconfigured by an administrator during its installation. This misconfiguration could expose the configuration file, which contains the cleartext administrator password. An attacker could use this password to compromise the system. |
| Recommendation |
Reinstall the I-Soft QuikStore Shopping Cart application, following the installation instructions carefully. To prevent unauthorized remote access to sensitive I-Soft QuikStore Shopping Cart files and directories, ensure that appropriate permissions have been set.
See the following site about more information:
http://www.quikstore.com/ |
| Related URL |
CVE-1999-0607 (CVE) |
| Related URL |
1983 (SecurityFocus) |
| Related URL |
3858 (ISS) |
|
