Message-ID: <0Lj2nG-1aX9go1Y4M-00dDWT@mrelayeu.kundenserver.de>
Date: Fri, 13 Nov 2015 16:51:47 +0100
From: "Curesec Research Team (CRT)" <crt@...esec.com>
To: fulldisclosure@...lists.org
Subject: [FD] XCart 5.2.6: Code Execution

Security Advisory - Curesec Research Team

1. Introduction

Affected Product: XCart 5.2.6
Fixed in: 5.2.7
Fixed Version Link: https://www.x-cart.com/xc5kit
Vendor Contact: support@...art.com
Vulnerability Type: Code Execution
Remote Exploitable: Yes
Reported to vendor: 08/13/2015
Disclosed to public: 11/04/2015
Release mode: Coordinated release
CVE: n/a
Credits: Tim Coen of Curesec GmbH

2. Vulnerability Description

When uploading a favicon (http://localhost/anew/xcart/admin.php?target=logo_favicon), there is no check of the uploaded file's type or extension. This allows an attacker who has obtained admin credentials to upload a PHP file and thereby gain code execution.

3. Solution

To mitigate this issue, please upgrade to at least version 5.2.7: https://www.x-cart.com/xc5kit
Please note that a newer version might already be available.

4. Report Timeline

08/13/2015 Informed vendor about issue
09/03/2015 Vendor requests more time
10/19/2015 Vendor releases fix
11/04/2015 Disclosed to public

Blog Reference: http://blog.curesec.com/article/blog/XCart-526-Code-Execution-86.html

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
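As an added illustration (not X-Cart's code or the vendor's fix), here is a PHP favicon upload handler that performs the type and extension checks the advisory reports as missing in 5.2.6; all function names, the `$_FILES` field name and the web-root path are hypothetical.

```php
<?php
// Added example, not X-Cart code: a favicon upload handler with the checks
// the advisory says were absent (extension allowlist, content check, and a
// server-chosen filename). All names here are hypothetical.

// Allowlist: permitted extension => magic bytes expected at offset 0.
const FAVICON_TYPES = [
    'ico' => "\x00\x00\x01\x00",          // ICONDIR header of a Windows icon
    'png' => "\x89PNG\x0D\x0A\x1A\x0A",   // PNG file signature
];

/**
 * Validate an uploaded favicon. Returns the accepted extension, or null
 * if the size, the extension or the file content is not what we expect.
 */
function validate_favicon(string $originalName, string $tmpPath, int $size): ?string
{
    // 1. Favicons are tiny; refuse empty or oversized uploads outright.
    if ($size <= 0 || $size > 256 * 1024) {
        return null;
    }
    // 2. Only the final extension of the client-supplied name is considered,
    //    and it must be on the allowlist. The name itself is never reused.
    $ext = strtolower(pathinfo($originalName, PATHINFO_EXTENSION));
    if (!isset(FAVICON_TYPES[$ext])) {
        return null;
    }
    // 3. The content must start with the magic bytes for the claimed type.
    //    This alone does not prove a file is harmless; the fixed extension
    //    chosen in store_favicon() is what keeps the web server from ever
    //    treating the upload as a PHP script.
    $magic = FAVICON_TYPES[$ext];
    $head  = file_get_contents($tmpPath, false, null, 0, strlen($magic));
    return ($head === $magic) ? $ext : null;
}

/** Move a validated upload into place under a name the server controls. */
function store_favicon(array $file, string $webroot): bool
{
    if ($file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        return false;
    }
    $ext = validate_favicon($file['name'], $file['tmp_name'], (int) $file['size']);
    if ($ext === null) {
        return false;
    }
    // 4. Destination is fixed: "favicon.ico" or "favicon.png" in the web root.
    $dest = rtrim($webroot, '/') . '/favicon.' . $ext;
    return move_uploaded_file($file['tmp_name'], $dest);
}

// Hypothetical call from the admin handler:
// if (!store_favicon($_FILES['favicon'], __DIR__ . '/public')) { http_response_code(400); }
```

The web server should additionally be configured so that files in the upload location are served as static content and never handed to the PHP interpreter.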