Hassan Consulting Shopping Cart Arbitrary Command Execution Vulnerability

Hassan Consulting's Shopping Cart is commercial web store software.

Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a request which causes arbitrary commands to be executed on the host (with the privileges of the webserver process). For example, special shell characters like "|" or ";" are treated as valid by Shopping Cart.
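The mitigation for this class of flaw, as an added example that is not Hassan Consulting's code: allow-list each request parameter, and pass it to any helper program as a single argument with no shell involved. The parameter format and the helper command are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Assumption: parameters are short identifiers. The page does not give the
# application's real parameter names or formats.
ALLOWED = re.compile(r"[A-Za-z0-9_-]{1,32}")


def validate_param(value):
    """Allow-list check: return the value unchanged or raise ValueError."""
    if not ALLOWED.fullmatch(value):
        raise ValueError("rejected parameter: %r" % value)
    return value


def run_helper(arg):
    """Run a stand-in helper with arg as one argv element (no shell).

    With an argument list and no shell, '|' and ';' are ordinary bytes in
    the argument, not command separators.
    """
    helper = "import sys; print('item=' + sys.argv[1])"
    result = subprocess.run(
        [sys.executable, "-c", helper, arg],
        capture_output=True, text=True, check=True,
    )
    return result.stdout.strip()


def lookup_item(value):
    """Both layers together: validate first, then call without a shell."""
    return run_helper(validate_param(value))


def screen_request(params):
    """Return names of parameters failing the allow-list, for logging."""
    return sorted(n for n, v in params.items() if not ALLOWED.fullmatch(v))


if __name__ == "__main__":
    # Constructed sample request, not taken from a real log.
    sample = {"item": "widget-42", "page": "list;x", "sort": "a|b"}
    print(screen_request(sample))      # parameters to reject and log
    print(lookup_item(sample["item"]))
```

Validation alone depends on the pattern being right for every parameter; calling the helper without a shell keeps a missed case from being interpreted as a command.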


 

Copyright 2010, SecurityFocus