**** Summary
CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server.
This has been allcoated CVE-2017-15673
**** Vendor of Product
cs-cart.com
**** Affected Product Code Base
CS-Cart - 4.6.2 and Some Previous
**** Attack Vectors
A custom page can be created as part of the files function in the
administration section. It is possible to give this page a .php
filetype and fill it with valid php code. This can then be saved in a
location which allows the pages to be executed as php, therefore
gaining access to the whole server.
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
