CVE-2017-15285

{"id": "CVE-2017-15285", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}]}, "published": "2017-10-12T08:29:00.617", "references": [{"url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image's Description URL to reference the .php URL in the attachments/ directory."}, {"lang": "es", "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13 y 5.3.3 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad existe porque la aplicaci\u00f3n no consigue chequear las extensiones de archivos remotos antes de guardarlos localmente. Esta vulnerabilidad la puede explotar cualquiera con acceso Vendor o superior. Una metodolog\u00eda de ataque es subir un archivo de imagen en la secci\u00f3n Attachments de un cat\u00e1logo de productos, subir un archivo .php con una acci\u00f3n \"Add File Via URL\" y cambiar la URL de descripci\u00f3n de la imagen para que haga referencia a la URL .php en el directorio attachments/."}], "lastModified": "2017-11-03T16:53:02.790", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:qualiteam:x-cart:5.2.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8E903FF-8AB1-4B3D-B0A4-303E14CC343C"}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.1.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56A18495-7945-4A70-BC1C-F955A2EB010F"}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.2.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FCC932CA-D539-4D75-A101-F5892FEE1A32"}, {"criteria": "cpe:2.3:a:qualiteam:x-cart:5.3.3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DBC2B8FB-B386-431C-9321-36A71AECC891"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}