Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

CS Cart 4.6.2 Shell Upload

Related Vulnerabilities: CVE-2017-15673  
Publish Date: 23 Nov 2017
Author: oric one
Source 
                **** Summary

CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.

This has been allcoated CVE-2017-15673


**** Vendor of Product
cs-cart.com



**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous



**** Attack Vectors

A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started