CSC Cart 4.6.2 Shell Upload

CSC Cart version 4.6.2 suffers from a remote shell upload vulnerability.

MD5 | 0a62f78f3293e527ec3327b130b259b6

**** Summary

CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.

This has been allcoated CVE-2017-15673

**** Vendor of Product

**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous

**** Attack Vectors

A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.

Related Posts