Arbitrary PHP Code Execution Vulnerability in CS-Cart by Simbirsk Technologies
CVE-2017-15673

7.2HIGH

Key Information:

Vendor: Cs-cart
Status: Cs-cart
Vendor: CVE Published:; 28 November 2017

What is CVE-2017-15673?

The files function in the administration section of CS-Cart versions 4.6.2 and earlier has a vulnerability that enables attackers to execute arbitrary PHP code. This can be exploited through custom pages by uploading malicious files, potentially compromising the entire web application. Organizations using affected versions of CS-Cart should prioritize patching and securing their installations to mitigate this risk.

References

http://packetstormsecurity.com/files/145096/CSC-Cart-4.6....

x_refsource_MISC

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 28, 2017
Vulnerability Reserved
Oct 20, 2017

Cs-cart

What is CVE-2017-15673?

References

CVSS V3.1

Timeline