CSC Cart version 4.6.2 suffers from a remote shell upload vulnerability.
0a62f78f3293e527ec3327b130b259b6**** Summary
CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.
This has been allcoated CVE-2017-15673
**** Vendor of Product
cs-cart.com
**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous
**** Attack Vectors
A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.