X-Cart Concierge Module Information Disclosure

medium Web App Scanning Plugin ID 112893

Synopsis

X-Cart Concierge Module Information Disclosure

Description

The X-Cart Concierge module has been detected on the target X-Cart installation.

This may give an attacker sensitive information with which to mount further attacks, and may leak the admin account email used to log into the store, the official company name, the license type of the store and other sensitive data.

Solution

Disable the Concierge module or restrict access to the admin page.

See Also

https://kb.x-cart.com/general_setup/admin/overview.html#concierge

https://kb.x-cart.com/general_setup/store_security/secure_configuration.html

Plugin Details

Severity: Medium

ID: 112893

Type: remote

Published: 7/9/2021

Updated: 11/26/2021

Scan Template: basic, full, pci, scan

Risk Information

VPR

Risk Factor: Low

Score: 1.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSS Score Source: Tenable

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS Score Source: Tenable

CVSS v4

Risk Factor: Medium

Base Score: 6.9

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

CVSS Score Source: Tenable
