Published: 23/11/2004 Updated: 11/07/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

X-Cart 3.4.3 allows remote malicious users to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.

Vulnerable Product	Search on Vulmon	Subscribe to Product
qualiteam x-cart 3.2.0
qualiteam x-cart 3.2.1
qualiteam x-cart 3.4.11
qualiteam x-cart 3.4.3
qualiteam x-cart 3.3.0
qualiteam x-cart 3.3.2
qualiteam x-cart 3.4.0

source: wwwsecurityfocuscom/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system The issue is caused by a failure of the application to sanitize values specified by parameters in the URI server/admin/upgradephp?prepatch_errorcode=1& ...

source: wwwsecurityfocuscom/bid/9560/info X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system The issue is caused by a failure of the application to sanitize values specified by parameters in the URI server/admin/generalphp?mode=perlinfo&conf ...

NVD-CWE-Other http://www.securityfocus.com/bid/9560 http://marc.info/?l=bugtraq&m=107582648326448&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/15034 https://nvd.nist.gov https://www.exploit-db.com/exploits/23637/

CVE-2004-0241

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect