ViArt Shop Multiple Vulnerabilities

ViArt Shop suffers from multiple stored cross-site scripting vulnerabilities. The issues are triggered when input passed via several parameters to several scripts is not properly sanitized before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Also, the software suffers from remote arbitrary command execution vulnerability when input passed to the ‘DATA’ POST parameter in ‘sips_response.php’ is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests.

Advisories:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5108.php
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5109.php

Comment are closed.