[] NeoSense
E X P L O I T S
title author type platform port cve id

Midicart PHP - Arbitrary File Upload

Author: frog
type: webapps
platform: php
port: 
date_added: 2002-10-02 
date_updated: 2016-10-27 
verified: 1 
codes: CVE-2002-1798;OSVDB-37494 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/5855/info

A problem with the default installation of Midicart PHP may make it possible for remote users to gain access to sensitive information.

The default installation of Midicart PHP does not place sufficient access control on files residing in the 'admin' folder. Due to this lack of access control, it is possible for a remote attacker to gain access to this file and upload arbitrary files to a vulnerable system.

http://<site>/admin/upload.php
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.