[原文]S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the database name.
RediCart smart.cfg Configuration Information Disclosure
Remote / Network Access
Loss of Confidentiality
RediCart contains a flaw that may lead to an unauthorized information disclosure. The issue caused by the smart.cfg configuration file being located in the same directory as the CGI scripts, which will disclose configuration information resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.