Lucene search

K
zdtOric one1337DAY-ID-29058
HistoryNov 26, 2017 - 12:00 a.m.

CSC Cart 4.6.2 Shell Upload Vulnerability

2017-11-2600:00:00
oric one
0day.today
232

EPSS

0.001

Percentile

41.3%

Exploit for php platform in category web applications

**** Summary

CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.

This has been allcoated CVE-2017-15673


**** Vendor of Product
cs-cart.com



**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous



**** Attack Vectors

A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.

#  0day.today [2018-03-13]  #

EPSS

0.001

Percentile

41.3%

Related for 1337DAY-ID-29058