cgiCentral Webstore Administrator Authentication Bypass Vulnerability

cgiCentral's Webstore is a shopping cart application that processes and manages online purchases.

A vulnerability exists in Webstore which may allow attackers to obtain administrative privileges. The vulnerability is due to a failure to filter NULL bytes and occurs during the authentication process.

In combination with BID 2861, an attacker may be able to execute arbitrary commands on a webserver running Webstore.
Bugtraq ID 2861 describes a vulnerability in which unchecked user input is passed to system(). The vulnerable part of the script can only be executed by clients with administrative privileges, so this authentication bypass may allow a remote attacker to exploit BID 2861 and execute commands on the webserver.


 

Copyright 2010, SecurityFocus