VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
BID:53724
Info
VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
| Bugtraq ID: | 53724 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | May 29 2012 12:00AM |
| Updated: | May 29 2012 12:00AM |
| Credit: | KedAns-Dz |
| Vulnerable: |
VAMCart VAMCart 0.9 |
| Not Vulnerable: | |
Discussion
VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
VAMCart is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary files to the affected server; this can result in arbitrary code execution within the context of the vulnerable application.
VAMCart 0.9 is vulnerable; other versions may also be affected.
VAMCart is prone to an arbitrary-file-upload vulnerability because the application fails to adequately sanitize user-supplied input.
An attacker may leverage this issue to upload arbitrary files to the affected server; this can result in arbitrary code execution within the context of the vulnerable application.
VAMCart 0.9 is vulnerable; other versions may also be affected.
Exploit / POC
VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
Attackers can exploit this issue through a web browser.
The following exploit code is available:
Attackers can exploit this issue through a web browser.
The following exploit code is available:
Solution / Fix
VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
VAMCart 'tinybrowser.php' Remote Arbitrary File Upload Vulnerability
References:
References:
- VamCart CMS Homepage (VamCart)