Summary
ViArt Shop is prone to a remote code-execution vulnerability.
Input passed to the 'DATA' POST parameter in 'sips_response.php' is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests.
Affected versions: 4.1, 4.0.8, 4.0.5
Solution
Updates are available. Please see the references for more information.
References
Severity
Classification
-
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C