vendor:
uStorekeeper Online Shopping System
by:
SecurityFocus
7.5
CVSS
HIGH
Remote Command Execution
78
CWE
Product Name: uStorekeeper Online Shopping System
Affected Version From: All versions
Affected Version To: All versions
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002
uStorekeeper Online Shopping System Remote Command Execution Vulnerability
uStorekeeper Online Shopping System from Microburst Technologies fails to properly validate user-supplied input, allowing remote users to submit URLs containing '/../' sequences and arbitrary filenames or commands, which will be executed or displayed with the privilege level of the webserver user. This permits the remote user to request files and execute commands from arbitrary locations on the host filesystem, outside the script's normal directory scope.
Mitigation:
Input validation should be used to prevent the execution of arbitrary commands.