Home / os / winmobile

CSC Cart 4.6.2 Shell Upload

Posted on 25 November 2017

**** Summary CSC Cart is a PHP based shopping cart software, which is hosted either locally or by the company csc-cart company. It has a vulnerability in the administration section, which allows full remote code execution on the server. This has been allcoated CVE-2017-15673 **** Vendor of Product cs-cart.com **** Affected Product Code Base CS-Cart - 4.6.2 and Some Previous **** Attack Vectors A custom page can be created as part of the files function in the administration section. It is possible to give this page a .php filetype and fill it with valid php code. This can then be saved in a location which allows the pages to be executed as php, therefore gaining access to the whole server.

 

TOP