| VID | 22011 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | A security problem in the Hassan Consulting Shopping Cart CGI allows execution of arbitrary commands. Hassan Consulting's Shopping Cart is commercial web store software. The Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a request which causes arbitrary commands to be executed on the host (with the privileges of the webserver process). For example, special shell characters like "|" or ";" are treated as valid by Shopping Cart. |
| Recommendation | * Hassan Consulting's Shopping Cart Product Homepage: http://www.irata.com/products.html |
| Related URL | CVE-2001-0985 (CVE) |
| Related URL | 3308 (SecurityFocus) |
| Related URL | 7106 (ISS) |