Vulnerability details:

DevMass Shopping Cart admin/kfm/initialise.php kfm_base_path Parameter Remote File Inclusion
Record created 2007-11-26 02:49:35, last updated 2011-10-17 13:20:31
DevMass Shopping Cart contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'admin/kfm/initialise.php' script not properly sanitizing user input supplied to the 'kfm_base_path' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
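The flaw class described above, shown as added illustration code that is not DevMass's or KFM's own source: a path variable that the script never initialises itself is filled from the request when register_globals is on, and the include built from it can then load a remote file. The function names, the includes/config.php file name and the confinement check are assumptions; only the kfm_base_path name comes from the advisory.

```php
<?php
// Added illustration of the flaw class; not the DevMass/KFM source code.

// Vulnerable pattern (assumed shape). Nothing assigns $kfm_base_path
// before it is used, so with register_globals=on a request parameter of
// that name supplies the value, and allow_url_fopen/allow_url_include
// let include() fetch and execute a file from another host.
function load_config_unsafe() {
    global $kfm_base_path;                 // may come straight from the request
    include $kfm_base_path . 'includes/config.php';
}

// Hardened pattern: the base path is derived from the script's own
// location, never from request data, and the resolved target is confined
// to the application directory before it is included.
function load_config_safe() {
    $base   = realpath(dirname(__FILE__));            // fixed, not request-controlled
    $target = realpath($base . '/includes/config.php');
    // realpath() returns false when the file does not exist; the prefix
    // comparison rejects anything resolved outside $base.
    if ($target === false ||
        strncmp($target, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        die('refusing to include a file outside the application directory');
    }
    include $target;
}

// Deployment check: the advisory notes the issue only applies when
// register_globals is on, so report the effective setting of this PHP.
function register_globals_enabled() {
    $v = strtolower((string) ini_get('register_globals'));
    return in_array($v, array('1', 'on', 'true', 'yes'), true);
}
```

Running register_globals_enabled() under the same PHP configuration as the web server (for example via a one-line script served by it, since CLI and web php.ini files can differ) tells a defender whether the precondition the advisory names holds.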
Attack Type: Input Manipulation (XSS, SQL injection, file retrieval, directory traversal, overflows, URL encoding)
Discovered: 2007-11-22 07:00:00
Exploit: Exploit Unknown (unsure of exploit status); Exploit Public
Exploit discovered: 1970-01-01 07:00:00 (Unix epoch, i.e. no date recorded)
Impact: Loss of Integrity (assurance that data is unaltered by unauthorized persons; examples: XSS, arbitrary command execution, most overflows, most format strings, SQL injection, unauthorized file modification/deletion/creation, remote file inclusion, etc.)
Location: Remote / Network Access (network access is required and the exploit can be performed remotely)
OSVDB: Web Related (the vulnerability is a web issue and will have an associated security check)
Solution: Solution Unknown. OSVDB is not aware of a solution for this vulnerability.
Solution discovered: 1970-01-01 07:00:00 (Unix epoch, i.e. no date recorded)
External refs:
OSVDB 38809