Pacific Software Carello Shopping Cart Carello.DLL Remote Command Execution Vulnerability

info
discussion
exploit
solution
references

Pacific Software Carello Shopping Cart Carello.DLL Remote Command Execution Vulnerability

A vulnerability exists in Carello which could enable a remote user to execute arbitrary commands on the vulnerable system.

Reportedly, the flaw exists in the way Carello.dll accepts HTTP requests. The Carello.dll library doesn't ensure proper checking of user supplied input for HTTP requests containing directory traversal sequences.