PT-2007-7211 · Viart · Viart Shop Free+3

Romancyxhacker · Published 2007-12-13 · Updated 2017-10-19 · CVE-2007-6347

CVSS v2.0: 6.8 Medium
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

ViArt CMS version 3.3.2
ViArt HelpDesk version 3.3.2
ViArt Shop Evaluation version 3.3.2
ViArt Shop Free version 3.3.2

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the root_folder_path parameter in the blocks/block_site_map.php file.

Recommendations

For ViArt CMS version 3.3.2, avoid using the root_folder_path parameter in the affected API endpoint until the issue is resolved.
For ViArt HelpDesk version 3.3.2, restrict access to the blocks/block_site_map.php file to minimize the risk of exploitation.
For ViArt Shop Evaluation version 3.3.2, consider disabling the execution of PHP code in the blocks/block_site_map.php file as a temporary workaround.
For ViArt Shop Free version 3.3.2, restrict access to the root_folder_path parameter in the blocks/block_site_map.php file to minimize the risk of exploitation.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2007-6347

Affected Products

Viart Cms
Viart Helpdesk
Viart Shop Evaluation
Viart Shop Free