CVE DATABASE / CVE-2002-1798

CVE-2002-1798

CVSS 9.1 · CRITICAL

Summary

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

CVSS 3.1 breakdown

Base score	9.1 (CRITICAL)
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Attack vector	NETWORK
Attack complexity	LOW
Privileges required	NONE
User interaction	NONE
Scope	UNCHANGED
Confidentiality	HIGH
Integrity	HIGH
Availability	NONE

Weakness type (CWE)

CWE-425

Affected products

Midicart midicart phpMidicart midicart php maxiMidicart midicart php plus

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html
http://www.iss.net/security_center/static/10306.php
http://www.securityfocus.com/bid/5851
http://www.securityfocus.com/bid/5855

Data: NIST NVD. NVD last modified 2026-04-16. Always verify against the vendor advisory before acting.