Executive Summary

MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) upload arbitrary php files via a direct request to admin/upload.php or (2) access sensitive information via a direct request to admin/credit_card_info.php.

Why It Matters

CVE-2002-1798 is rated CRITICAL severity, requiring immediate attention from security teams.

CVSS Base Score: 9.1/10

Affected Technologies

Vendors: midicart

Products: midicart_php, midicart_php_maxi, midicart_php_plus

🛡️What Defenders Should Check

Check if you are affected — Review your asset inventory for products listed in CVE-2002-1798.

Apply available patches — Visit vendor advisories for the latest security updates.

Monitor for exploitation — Check your SIEM/IDS logs for related indicators.

Use Vulnios to continuously monitor your exposure to CVE-2002-1798 and similar vulnerabilities.

References & Sources

http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html

http://www.iss.net/security_center/static/10306.php

http://www.securityfocus.com/bid/5851

http://www.securityfocus.com/bid/5855

http://archives.neohapsis.com/archives/bugtraq/2002-10/0016.html

http://www.iss.net/security_center/static/10306.php

http://www.securityfocus.com/bid/5851

http://www.securityfocus.com/bid/5855

AI Security Advisor

Get AI-powered security recommendations tailored to this specific threat — including risk assessment, detection guidance, MITRE ATT&CK mapping, and actionable remediation steps.

Affected Products

midicart_phpmidicart_php_maximidicart_php_plus

Sources

NVD / NIST

critical

Protect Your Organization

Monitor CVEs, scan for vulnerabilities, and get real-time threat alerts — all in one platform.

Get Started Free Free Security Scan OSINT Dashboard

Get instant alerts on Telegram

Join our public channel for real-time critical CVE alerts.

Follow @vulnios

Critical Vulnerability: CVE-2002-1798 — midicart — midicart_php, midicart_php_maxi