[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FD] CSC-Cart RCE - CVE-2017-15673
- To: fulldisclosure@xxxxxxxxxxxx
- Subject: [FD] CSC-Cart RCE - CVE-2017-15673
- From: "oric one" <oric-1@xxxxxxx>
- Date: Thu, 23 Nov 2017 11:40:12 +0100
<html><head></head><body><div style="font-family: Verdana;font-size:
12.0px;"><div>**** Summary</div>
<div> </div>
<div>CSC Cart is a PHP based shopping cart software, which is hosted either
locally or by the company csc-cart company. It has a vulnerability in the
administration section, which allows full remote code execution on the
server.</div>
<div> </div>
<div>This has been allcoated CVE-2017-15673</div>
<div><br/>
**** Vendor of Product<br/>
<a
data-saferedirecturl="https://www.google.com/url?hl=en-GB&q=http://cs-cart.com&source=gmail&ust=1511519539231000&usg=AFQjCNGu7QyGcGVsGNGDmJ2JKS-kuTxAew";
href="http://cs-cart.com/"; rel="noreferrer"
target="_blank">cs-cart.com</a><br/>
<br/>
<br/>
<br/>
**** Affected Product Code Base<br/>
CS-Cart - 4.6.2 and Some Previous<br/>
<br/>
<br/>
<br/>
**** Attack Vectors</div>
<div><br/>
A custom page can be created as part of the files function in the<br/>
administration section. It is possible to give this page a .php<br/>
filetype and fill it with valid php code. This can then be saved in a<br/>
location which allows the pages to be executed as php, therefore<br/>
gaining access to the whole server.<br/>
<br/>
</div></div></body></html>
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/