cgiCentral Webstore Administrator Authentication Bypass Vulnerability
cgiCentral's Webstore is a shopping cart application that processes and manages online purchases.
A vulnerability exists in Webstore which may allow attackers to obtain administrative privileges. The vulnerability occurs during the authentication process and is due to NULL bytes not being filtered.
In combination with BID 2861, an attacker may be able to execute arbitrary commands on a webserver running Webstore.
Bugtraq ID 2861 describes a vulnerability involving unchecked user input being passed to system(). The vulnerable part of the script can only be executed by clients with administrative privileges. The authentication bypass described here may therefore allow a remote attacker to exploit BID 2861 and execute commands on the webserver.
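
For detection, the following added example (not part of the original advisory or of Webstore) scans web server access-log lines for percent-encoded NULL bytes in the request path or query string, including double-encoded forms. The log lines are constructed, and the script path /cgi-bin/store.cgi and the parameter names are placeholders, not values from the advisory.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample access-log lines (Common Log Format). The script path
# and parameter names are placeholders, not taken from the advisory.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Jun/2001:10:01:12 +0000] "GET /cgi-bin/store.cgi?page=index HTTP/1.0" 200 5120
203.0.113.9 - - [10/Jun/2001:10:02:40 +0000] "GET /cgi-bin/store.cgi?user=PLACEHOLDER%00&page=admin HTTP/1.0" 200 2310
203.0.113.9 - - [10/Jun/2001:10:02:55 +0000] "GET /cgi-bin/store.cgi?user=PLACEHOLDER%2500 HTTP/1.0" 200 2290
198.51.100.7 - - [10/Jun/2001:10:03:02 +0000] "GET /images/logo%20small.gif HTTP/1.0" 200 900
"""

# Captures: client address, request target, response status.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
MAX_DECODE_ROUNDS = 3  # covers %00, %2500 and %252500


def decode_rounds_to_nul(value):
    """Return how many URL-decoding passes expose a NUL byte, or 0 if none."""
    for rounds in range(1, MAX_DECODE_ROUNDS + 1):
        decoded = unquote(value, encoding="latin-1")
        if "\x00" in decoded:
            return rounds
        if decoded == value:  # nothing left to decode
            return 0
        value = decoded
    return 0


def find_nul_requests(log_text):
    """Return (client, path, field, rounds, status) for each field hiding a NUL.

    The path and every query parameter are checked separately so the finding
    names the parameter that carried the NUL byte.
    """
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        client, target, status = match.groups()
        parts = urlsplit(target)
        fields = [("<path>", parts.path)]
        fields += [(p.partition("=")[0], p) for p in parts.query.split("&") if p]
        for name, value in fields:
            rounds = decode_rounds_to_nul(value)
            if rounds:
                findings.append((client, parts.path, name, rounds, int(status)))
    return findings


if __name__ == "__main__":
    for finding in find_nul_requests(SAMPLE_LOG):
        print(finding)
```

Access logs normally record only the request line, so NULL bytes submitted in a POST body will not appear here and need to be checked for at the application or a filtering proxy.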