PT-2004-1395 · X Cart · X-Cart

Published

2004-03-18

Updated

2017-07-11

CVE-2004-0241

CVSS v2.0

High

Vector

AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions X-Cart version 3.4.3

Description The issue allows remote attackers to execute arbitrary commands. This can be achieved via the perl binary argument in either "upgrade.php" or "general.php" API endpoints.

Recommendations For X-Cart version 3.4.3, consider restricting access to the perl binary argument in the affected API endpoints until a patch is available. As a temporary workaround, disabling the execution of arbitrary commands via the perl binary argument can help minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-0241

Affected Products

X-Cart

PT-2004-1395 · X Cart · X-Cart

CVE-2004-0241

Related Identifiers

Affected Products

References · 6