ID CVE-2001-0985Type cveReporter NVDModified 2017-12-18T21:29:29
Description
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.
{"id": "CVE-2001-0985", "bulletinFamily": "NVD", "title": "CVE-2001-0985", "description": "shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the \"page\" parameter.", "published": "2001-09-08T00:00:00", "modified": "2017-12-18T21:29:29", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0985", "reporter": "NVD", "references": ["http://www.securityfocus.com/bid/3308", "https://exchange.xforce.ibmcloud.com/vulnerabilities/7106", "http://www.irata.com/shopver.html", "http://www.securityfocus.com/archive/1/212827"], "cvelist": ["CVE-2001-0985"], "type": "cve", "lastseen": "2017-12-19T12:21:04", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:hassan_consulting:shopping_cart:1.23"], "cvelist": ["CVE-2001-0985"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the \"page\" parameter.", "edition": 1, "enchantments": {"score": {"modified": "2016-09-03T03:06:30", "value": 7.6}}, "hash": "13df75bc1031d3373343fdbcaedc07b1793120abf5b3853397cb4f8554fda7c6", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "34862c3d021b97440c726dc700b27b20", "key": "modified"}, {"hash": "019d96ea584658777a86591ae36113ab", "key": "cvelist"}, {"hash": "55d448f4a1e8d71f2420503afbbe5821", "key": "title"}, {"hash": "bd2356f397fba295859a0b61e800184c", "key": "references"}, {"hash": "cf3fc0f4d0304e01ae517115c5920d78", "key": "description"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "3e415413cddc94fba1abfd9e2a7d2244", "key": "published"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "73b5538cc4829a27b9f000d077f385da", "key": "href"}, {"hash": "26f9b5929e84677d0cf3f76b9bb79d31", "key": "cpe"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2001-0985", "id": "CVE-2001-0985", "lastseen": "2016-09-03T03:06:30", "modified": "2008-09-05T16:25:24", "objectVersion": "1.2", "published": "2001-09-08T00:00:00", "references": ["http://www.securityfocus.com/bid/3308", "http://xforce.iss.net/static/7106.php", "http://www.irata.com/shopver.html", "http://www.securityfocus.com/archive/1/212827"], "reporter": "NVD", "scanner": [], "title": "CVE-2001-0985", "type": "cve", "viewCount": 3}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T03:06:30"}], "edition": 2, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "26f9b5929e84677d0cf3f76b9bb79d31"}, {"key": "cvelist", "hash": "019d96ea584658777a86591ae36113ab"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "cf3fc0f4d0304e01ae517115c5920d78"}, {"key": "href", "hash": "73b5538cc4829a27b9f000d077f385da"}, {"key": "modified", "hash": "5c1750a8721533bc5927a12d24bdeda7"}, {"key": "published", "hash": "3e415413cddc94fba1abfd9e2a7d2244"}, {"key": "references", "hash": "eeab2e4c69d4fd46da778337c348bb14"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "55d448f4a1e8d71f2420503afbbe5821"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "fc68ccd369b4a1d43c0fdb256ec58508d6627f2bcc4a4988ede601f744e6781c", "viewCount": 3, "enchantments": {"vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:hassan_consulting:shopping_cart:1.23"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"result": {"openvas": [{"id": "OPENVAS:136141256231010764", "type": "openvas", "title": "Shopping Cart Arbitrary Command Execution (Hassan)", "description": "We detected the presence of the Shopping Cart\n CGI (Hassan). A security problem in this CGI allows execution of arbitrary commands.", "published": "2005-11-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=136141256231010764", "cvelist": ["CVE-2001-0985"], "lastseen": "2017-07-02T21:10:05"}], "osvdb": [{"id": "OSVDB:635", "type": "osvdb", "title": "Hassan Consulting shop.pl page Parameter Arbitrary Command Execution", "description": "# No description provided by the source\n\n## References:\n[CVE-2001-0985](https://vulners.com/cve/CVE-2001-0985)\nBugtraq ID: 3308\n", "published": "2001-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://vulners.com/osvdb/OSVDB:635", "cvelist": ["CVE-2001-0985"], "lastseen": "2017-04-28T13:19:55"}], "exploitdb": [{"id": "EDB-ID:21104", "type": "exploitdb", "title": "Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution Vulnerability", "description": "Hassan Consulting Shopping Cart 1.23 Arbitrary Command Execution Vulnerability. CVE-2001-0985. Remote exploit for cgi platform", "published": "2001-09-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/21104/", "cvelist": ["CVE-2001-0985"], "lastseen": "2016-02-02T15:40:57"}]}}
