CS Cart version 4.6.2 suffers from a remote shell upload vulnerability.
f1ee462ab8b8fb7db0ca71f0fe2dd6b5d840e12bdfd35c6ed9f2ecdcbed12fba**** Summary
CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.
This has been allcoated CVE-2017-15673
**** Vendor of Product
cs-cart.com
**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous
**** Attack Vectors
A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed