ShopPlus Cart Arbitrary Command...

Published: 2001-09-05
Revised: 2025-04-13

Kabotie Software Technologies ShopPlus Cart is commercial web store software. ShopPlus Cart does not filter certain types of user-supplied input from web requests, so a malicious user can submit a request that causes arbitrary commands to be executed on the host with the privileges of the web server process. For example, ShopPlus Cart treats special shell characters such as '|' or ';' as valid input. As a result of this issue, sensitive data may be disclosed to a remote attacker, potentially allowing the attacker to gain local access to the host. The remote attacker will also be able to bypass authentication for the ShopPlus Cart service and access other accounts and restricted information.
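A detection sketch for the input class described above, added here as an example and not taken from the advisory or from ShopPlus Cart: it scans web server access log lines for query parameters that contain '|' or ';' after percent-decoding. The script path, parameter names and log lines are constructed assumptions, since the advisory does not name the affected script or parameter.

```python
import re
from urllib.parse import urlsplit, unquote_plus

# Shell metacharacters the advisory names: '|' and ';'.
SHELL_META = set("|;")

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input (%257C) is caught."""
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(log_line):
    """Return [(name, decoded_value)] for query parameters containing '|' or ';'."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group("target")).query
    hits = []
    # Split on '&' only: treating ';' as a separator would hide the character we look for.
    for pair in filter(None, query.split("&")):
        name, _, raw = pair.partition("=")
        value = decode_fully(raw)
        if SHELL_META & set(value):
            hits.append((decode_fully(name), value))
    return hits

# Constructed sample log lines (hypothetical script path and parameter names).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Sep/2001:10:00:01 +0000] "GET /cgi-bin/store.cgi?page=catalog.html HTTP/1.0" 200 5120',
    '192.0.2.44 - - [05/Sep/2001:10:00:07 +0000] "GET /cgi-bin/store.cgi?page=catalog.html%7Cexample HTTP/1.0" 200 312',
    '192.0.2.44 - - [05/Sep/2001:10:00:09 +0000] "GET /cgi-bin/store.cgi?page=a%253Bexample&id=7 HTTP/1.0" 200 298',
]

def scan(lines):
    """Return {line_index: hits} for every line with at least one hit."""
    return {i: h for i, line in enumerate(lines) if (h := suspicious_params(line))}

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(idx, hits)
```

Only GET query strings appear in access logs, so POST bodies need the same check at a proxy or application layer; expect some false positives where ';' is a legitimate part of a parameter value.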

No exploit or PoC is currently available.
There are currently 0 affected product entries.