CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Shoppingcart | Codethat | 1.3.1 (including) | 1.3.1 (including) |