ViArt Shop Remote Code Execution Vulnerability Network Vulnerability

Summary

ViArt Shop is prone to a remote code-execution vulnerability. Input passed to the 'DATA' POST parameter in 'sips_response.php' is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests. Affected version: 4.1, 4.0.8, 4.0.5

Solution

Updates are available. Please see the references for more information.

References

http://www.viart.com/downloads/sips_response.zip
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5109.php

Updated on 2015-03-25

Severity

Classification

CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Axis2 Document Type Declaration Processing Security Vulnerability
AdaptBB Multiple Input Validation Vulnerabilities
AlstraSoft AskMe Pro 'forum_answer.php' and 'profile.php' Multiple SQL Injection Vulnerabilities
Awstats Configuration File Remote Arbitrary Command Execution Vulnerability
A-A-S Application Access Server Multiple Vulnerabilities

Take action and discover your vulnerabilities