DCShop Beta Overwrite Setup Files Vulnerability

vendor:

DCShop Beta

by:

SecurityFocus

7.5

CVSS

HIGH

Overwrite Setup Files

CWE

Product Name: DCShop Beta

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unix, Linux, Microsoft Windows

2002

DCShop Beta Overwrite Setup Files Vulnerability

DCShop Beta is a freely available shopping cart system, written in Perl. It is possible to overwrite setup files (*.setup) by submitting attacker-supplied form data followed by a null character (%00). The attacker must use the POST method to submit data that is content-type multipart/form-data compliant.

Mitigation:

Ensure that all user-supplied data is properly validated and sanitized before being used.

Source

DCShop Beta Overwrite Setup Files Vulnerability

Mitigation:

Exploit-DB raw data: