PT-2001-2143 · Shopplus · Shopplus
Publicado
2001-09-05
·
Atualizado
2017-12-19
·
CVE-2001-0992
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
ShopPlus shopping cart (affected versions not specified)
Description
The issue allows remote attackers to execute arbitrary commands via shell metacharacters in the
file parameter of the shopplus.cgi script.Recommendations
For all affected versions, avoid using the
file parameter in the shopplus.cgi script until a patch is available. As a temporary workaround, consider restricting access to the shopplus.cgi script to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Shopplus