Threat Encyclopedia



It indicates an information disclosure vulnerability in Cart32 program.

Cart32 is a Shopping Cart system software designed for Windows environment. There exists a vulnerability in cart32.exe that allows attackers to obtain vital client information such as username, password, credit card numbers, and other crucial details on a target system via specially-crafted URLs.

Affected Products

Any McMurtrey/Whitaker & Associates Cart32 2.6 or 3.0 is vulnerable to the attack.


Attackers can gain sensitive information about system users.

Recommended Actions

If a FortiGate with FortiOS 2.80 or above is used, select Drop Session as the default action for this signature.

Apply appropriate patches or Upgrade the system to the latest non-vulnerable version.

CVE References