Family: CGI abuses --> Category: destructive_attack
CubeCart FCKeditor Arbitrary File Upload Vulnerability Scan
Vulnerability Scan Summary: Tries to use CubeCart to upload a file with PHP code
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that allows execution
of arbitrary PHP code.
Description :
The version of CubeCart installed on the remote host allows an
unauthenticated user to upload files with arbitrary PHP code and then
to execute them subject to the rights of the web server user id.
See also :
http://www.securityfocus.com/archive/1/425931
http://www.cubecart.com/site/forums/index.php?showtopic=17335
http://www.cubecart.com/site/forums/index.php?showtopic=17338
Solution :
Either apply the patch referenced in the first vendor advisory above
or upgrade to CubeCart version 3.0.10 or later.
Threat Level:
Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)