cgiCentral WebStore Arbitrary Command Execution Vulnerability

cgiCentral's Webstore is an shopping cart application which processes and manages online purchases.

Ws_mail.cgi calls system() with user-supplied data in the command string. Because it does not filter metacharacters out of the user-supplied data, it is possible for administrators to execute arbitrary commands on webserver hosts.

It should be noted that administrative privileges in Webstore are required to exploit this vulnerability. Malicious administrators, who do not have access to the host serving the script, may use this vulnerability to gain access. If remote attackers can authenticate as administrators, they may also be able to exploit this vulnerability to gain access to the host. Bugtraq ID 2860 creates a condition where this may be possible.


Privacy Statement
Copyright 2010, SecurityFocus