Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses >> CubeCart FCKeditor Arbitrary File Upload Vulnerability

Vulnerability Assessment Details

CubeCart FCKeditor Arbitrary File Upload Vulnerability
Vulnerability Assessment Summary
Tries to use CubeCart to upload a file with PHP code

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that permits execution
of arbitrary PHP code.

Description :

The version of CubeCart installed on the remote host permits an
unauthenticated user to upload files with arbitrary PHP code and then
to execute them subject to the rights of the web server user id.

See also :

http://www.securityfocus.com/archive/1/425931
http://www.cubecart.com/site/forums/index.php?showtopic=17335
http://www.cubecart.com/site/forums/index.php?showtopic=17338

Solution :

Either apply the patch referenced in the first vendor advisory above
or upgrade to CubeCart version 3.0.10 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2.3
(AV:R/AC:L/Au:NR/C:N/I:P/A:N/B:N)

Networks Security ID: 16796

Vulnerability Assessment Copyright: This script is Copyright (C) 2006 Tenable Network Security
Cables, Connectors


Cisco Nexus 48-Port 10G SFP+ Switch N9K-9396PX w/ 9K-M12PQ 12-Port 40G QSFP picture

Cisco Nexus 48-Port 10G SFP+ Switch N9K-9396PX w/ 9K-M12PQ 12-Port 40G QSFP

$249.99


SFP-10G-SR V03 Original CISCO 10-2415-03 850nm 10GBASE-SR SFP+ Multi mode Module picture

SFP-10G-SR V03 Original CISCO 10-2415-03 850nm 10GBASE-SR SFP+ Multi mode Module

$5.89


Lot of 10pcs Brocade 57-1000012-01 8Gbps SWL 850nm SFP+ Optical Transceivers picture

Lot of 10pcs Brocade 57-1000012-01 8Gbps SWL 850nm SFP+ Optical Transceivers

$19.00


Genuine Intel 10Gbe FTLX1471D3BCV-IT E10GSFPLR E65689-001 for Adapter X520 X710 picture

Genuine Intel 10Gbe FTLX1471D3BCV-IT E10GSFPLR E65689-001 for Adapter X520 X710

$18.99


Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03 picture

Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module 10-2415-03

$8.00


SFP-10G-SR Original Cisco 10GBASE-SR SFP+ V02 Multi mode Transceiver 10-2415-02 picture

SFP-10G-SR Original Cisco 10GBASE-SR SFP+ V02 Multi mode Transceiver 10-2415-02

$5.00


Brand New Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Module 1310nm 10km SMF LC picture

Brand New Cisco GLC-LH-SMD 1000BASE-LX/LH SFP Module 1310nm 10km SMF LC

$13.89


Lot of 10 - HP 10Gb SR SFP+ Transceiver 455883-B21 455885-001 456096-001 850nm picture

Lot of 10 - HP 10Gb SR SFP+ Transceiver 455883-B21 455885-001 456096-001 850nm

$23.99


Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord picture

Juniper Networks EX3300-48P 48-Port PoE+ 4x SFP+ Network Switch w/ Power Cord

$43.95


LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module picture

LOT OF 20 Genuine Cisco SFP-10G-SR V03 10GBASE-SR SFP+ Transceiver Module

$89.00


Discussions

No Discussions have been posted on this vulnerability.