CVE-2017-15285 - OpenCVE

X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.

No CVSS v4.0

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Qualiteam	X-cart

Configuration 1 [-]

OR	cpe:2.3:a:qualiteam:x-cart:5.2.23:::::::*
	cpe:2.3:a:qualiteam:x-cart:5.3.1.9:::::::*
	cpe:2.3:a:qualiteam:x-cart:5.3.2.13:::::::*
	cpe:2.3:a:qualiteam:x-cart:5.3.3.0:::::::*

No data.

References

Link	Providers
https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2017-10-12T08:00:00

Updated: 2024-08-05T19:50:16.469Z

Reserved: 2017-10-12T00:00:00

Link: CVE-2017-15285

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2017-10-12T08:29:00.617

Modified: 2017-11-03T16:53:02.790

Link: CVE-2017-15285

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-12T00:00:00", "descriptions": [{"lang": "en", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-10-12T07:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-15285", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf", "refsource": "MISC", "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:50:16.469Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-15285", "datePublished": "2017-10-12T08:00:00", "dateReserved": "2017-10-12T00:00:00", "dateUpdated": "2024-08-05T19:50:16.469Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qualiteam:x-cart:5.2.23:*:*:*:*:*:*:*", "matchCriteriaId": "B8E903FF-8AB1-4B3D-B0A4-303E14CC343C", "vulnerable": true}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.1.9:*:*:*:*:*:*:*", "matchCriteriaId": "56A18495-7945-4A70-BC1C-F955A2EB010F", "vulnerable": true}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "FCC932CA-D539-4D75-A101-F5892FEE1A32", "vulnerable": true}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DBC2B8FB-B386-431C-9321-36A71AECC891", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory."}, {"lang": "es", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13 y 5.3.3 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad existe porque la aplicaci\u00f3n no consigue chequear las extensiones de archivos remotos antes de guardarlos localmente. Esta vulnerabilidad la puede explotar cualquiera con acceso Vendor o superior. Una metodolog\u00eda de ataque es subir un archivo de imagen en la secci\u00f3n Attachments de un cat\u00e1logo de productos, subir un archivo .php con una acci\u00f3n \"Add File Via URL\" y cambiar la URL de descripci\u00f3n de la imagen para que haga referencia a la URL .php en el directorio attachments/."}], "id": "CVE-2017-15285", "lastModified": "2017-11-03T16:53:02.790", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-12T08:29:00.617", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}