CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability

Bugtraq ID:	22245
Class:	Input Validation Error
CVE:	CVE-2007-0565
Remote:	Yes
Local:	No
Published:	Jan 25 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	This issue was reported in a JVN advisory.
Vulnerable:	CGI-Rescue Shopping Cart Professional 7.50
Not Vulnerable:	CGI-Rescue Shopping Cart Professional 7.51

CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability

Shopping Cart Professional is prone to a remote command-execution vulnerability because the application fails to properly sanitize user-supplied input.

Exploiting this issue allows attackers to execute arbitrary commands in the context of the server.

A successful exploit could facilitate the compromise of an affected computer; other attacks are also possible.

This issue affects versions 7.50; other versions may also be affected.

CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability

Attackers can exploit this issue via a browser.

CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability

Solution:
The vendor has released an update to address this issue. Please see the references for more information.

CGI Rescue Shopping Cart Professional Remote Command Execution Vulnerability

References: