Input validation error in X-Cart - CVE-2017-15285
Published: October 12, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38073
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2017-15285
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Qualiteam Corp.
Affected software:
X-Cart
X-Cart
Detailed vulnerability description
The vulnerability allows a remote authenticated user to execute arbitrary code.
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
How to mitigate CVE-2017-15285
Install update from vendor's website.