OSVDB ID: 645

Title: ShopPlus shopplus.cgi Arbitrary Command Execution

Info

Dates

Disclosure: Aug 05, 2001
Discovery: Unknown
Exploit: Aug 05, 2001
Solution: Unknown

Description

ShopCart Plus contains a flaw that allows a remote attacker to execute arbitrary commands. The flaw exists because input supplied to the "file" variable is not sanity checked. Supplying a ";" followed by any valid Unix command causes the program to execute that command.
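A defender can look for this input pattern in web server access logs. The following is an added example, not code from OSVDB or the vendor: it assumes Common Log Format, a script served under a `/cgi-bin/` path, and the "file" variable arriving in the query string. It goes beyond the ";" named above to other shell metacharacters, which is a generalization, and the function names and sample lines are constructed for illustration.

```python
import re
from urllib.parse import unquote, unquote_plus, urlsplit

# The advisory names only ";"; the other shell metacharacters are a generalization.
SHELL_META = re.compile(r"[;|&`<>\n\r]|\$\(")
# Request field of a Common Log Format line: "METHOD target PROTOCOL".
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_file_values(log_line):
    """Return decoded 'file' values sent to shopplus.cgi that contain shell metacharacters."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    target = urlsplit(match.group(1))
    if not target.path.lower().endswith("/shopplus.cgi"):
        return []
    hits = []
    # Split on "&" only, so a raw ";" stays inside the parameter value.
    for pair in target.query.split("&"):
        name, _, raw = pair.partition("=")
        if unquote_plus(name) != "file":
            continue
        # Decode twice so double-encoded input (%253B) is caught as well.
        value = unquote(unquote_plus(raw))
        if SHELL_META.search(value):
            hits.append(value)
    return hits

def scan(lines):
    """Return (line_number, values) for every log line with a suspicious 'file' value."""
    findings = []
    for number, line in enumerate(lines, start=1):
        values = suspicious_file_values(line)
        if values:
            findings.append((number, values))
    return findings

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Aug/2001:10:00:00 +0000] "GET /cgi-bin/shopplus.cgi?file=index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [05/Aug/2001:10:00:05 +0000] "GET /cgi-bin/shopplus.cgi?file=index.html%3Bid HTTP/1.0" 200 40',
    '192.0.2.11 - - [05/Aug/2001:10:00:09 +0000] "GET /cgi-bin/shopplus.cgi?file=index.html%253Bid HTTP/1.0" 200 40',
    '192.0.2.12 - - [05/Aug/2001:10:00:12 +0000] "GET /cgi-bin/other.cgi?file=a%3Bb HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious file value(s) {values}")
```

Access logs normally record only the request line, so a "file" value sent in a POST body will not appear here and needs request-body logging or a filter in front of the script.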

Classification

Unknown or Incomplete

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Kabotie Software Technologies has released a patch to address this vulnerability.

Products

Kabotie Software Technologies

ShopPlus Cart

1.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/36218