A vulnerability, which was classified as critical, was found in X-Cart 5.2.23/5.3.1.9/5.3.2.13/5.3.3. This affects some unknown functionality of the component File Extension Filter. The manipulation with an unknown input leads to a input validation vulnerability. CWE is classifying the issue as CWE-20. The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.

The bug was discovered 10/12/2017. The weakness was presented 10/12/2017 (Website). It is possible to read the advisory at sxcurity.github.io. This vulnerability is uniquely identified as CVE-2017-15285 since 10/12/2017. It is possible to initiate the attack remotely. A authentication is required for exploitation. The technical details are unknown and an exploit is not publicly available.

There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Productinfo

Name

• X-Cart

Version

• 5.2.23
• 5.3.1.9
• 5.3.2.13
• 5.3.3

CPE 2.3info

• 🔍
• 🔍
• 🔍

CPE 2.2info

• 🔍
• 🔍
• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion