ViArt Shop sips_response.php DATA Parameter Request Parsing Remote Shell Command Execution

high Nessus Plugin ID 64293

Synopsis

The remote web server hosts an application that allows arbitrary command execution.

Description

The version of the ViArt Shop installed on the remote host contains a flaw that could allow a remote attacker to execute arbitrary commands. Input passed to the 'DATA' parameter in 'sips_response.php' is not properly sanitized before being used to process payment data. An attacker could leverage this vulnerability to execute arbitrary commands on the remote host.

Solution

Upgrade to version 4.1 or later, or apply the referenced patch.

See Also

https://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5109.php

http://www.nessus.org/u?bf05a971

Plugin Details

Severity: High

ID: 64293

File Name: viart_shop_sips_response_code_exec.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 1/30/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:viart:viart_shop

Required KB Items: www/PHP, www/viart_shop

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: Exploits are available

Exploited by Nessus: true

Patch Publication Date: 9/25/2012

Vulnerability Publication Date: 9/25/2012

Exploitable With

Elliot (ViArt Shop 4.1 RCE (Linux))

Reference Information

BID: 55674