Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: destructive_attack

CubeCart FCKeditor Arbitrary File Upload Vulnerability Vulnerability Scan

Vulnerability Scan Summary
Tries to use CubeCart to upload a file with PHP code

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that allows execution
of arbitrary PHP code.

Description :

The version of CubeCart installed on the remote host allows an
unauthenticated user to upload files with arbitrary PHP code and then
to execute them subject to the rights of the web server user id.

See also :

Solution :

Either apply the patch referenced in the first vendor advisory above
or upgrade to CubeCart version 3.0.10 or later.

Threat Level:

Low / CVSS Base Score : 2.3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.