CVE-2017-15285 (GCVE-0-2017-15285)

Vulnerability from cvelistv5 – Published: 2017-10-12 08:00 – Updated: 2024-08-05 19:50
VLAI?
Summary
X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an "Add File Via URL" action, and change the image's Description URL to reference the .php URL in the attachments/ directory.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:16.469Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-10-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image\u0027s Description URL to reference the .php URL in the attachments/ directory."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-10-12T07:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-15285",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \"Add File Via URL\" action, and change the image\u0027s Description URL to reference the .php URL in the attachments/ directory."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf",
              "refsource": "MISC",
              "url": "https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-15285",
    "datePublished": "2017-10-12T08:00:00",
    "dateReserved": "2017-10-12T00:00:00",
    "dateUpdated": "2024-08-05T19:50:16.469Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qualiteam:x-cart:5.2.23:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B8E903FF-8AB1-4B3D-B0A4-303E14CC343C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qualiteam:x-cart:5.3.1.9:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"56A18495-7945-4A70-BC1C-F955A2EB010F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qualiteam:x-cart:5.3.2.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FCC932CA-D539-4D75-A101-F5892FEE1A32\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:qualiteam:x-cart:5.3.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DBC2B8FB-B386-431C-9321-36A71AECC891\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \\\"Add File Via URL\\\" action, and change the image\u0027s Description URL to reference the .php URL in the attachments/ directory.\"}, {\"lang\": \"es\", \"value\": \"X-Cart 5.2.23, 5.3.1.9, 5.3.2.13 y 5.3.3 es vulnerable a la ejecuci\\u00f3n remota de c\\u00f3digo. Esta vulnerabilidad existe porque la aplicaci\\u00f3n no consigue chequear las extensiones de archivos remotos antes de guardarlos localmente. Esta vulnerabilidad la puede explotar cualquiera con acceso Vendor o superior. Una metodolog\\u00eda de ataque es subir un archivo de imagen en la secci\\u00f3n Attachments de un cat\\u00e1logo de productos, subir un archivo .php con una acci\\u00f3n \\\"Add File Via URL\\\" y cambiar la URL de descripci\\u00f3n de la imagen para que haga referencia a la URL .php en el directorio attachments/.\"}]",
      "id": "CVE-2017-15285",
      "lastModified": "2024-11-21T03:14:23.133",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2017-10-12T08:29:00.617",
      "references": "[{\"url\": \"https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-15285\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-10-12T08:29:00.617\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"X-Cart 5.2.23, 5.3.1.9, 5.3.2.13, and 5.3.3 is vulnerable to Remote Code Execution. This vulnerability exists because the application fails to check remote file extensions before saving locally. This vulnerability can be exploited by anyone with Vendor access or higher. One attack methodology is to upload an image file in the Attachments section of a product catalog, upload a .php file with an \\\"Add File Via URL\\\" action, and change the image\u0027s Description URL to reference the .php URL in the attachments/ directory.\"},{\"lang\":\"es\",\"value\":\"X-Cart 5.2.23, 5.3.1.9, 5.3.2.13 y 5.3.3 es vulnerable a la ejecuci\u00f3n remota de c\u00f3digo. Esta vulnerabilidad existe porque la aplicaci\u00f3n no consigue chequear las extensiones de archivos remotos antes de guardarlos localmente. Esta vulnerabilidad la puede explotar cualquiera con acceso Vendor o superior. Una metodolog\u00eda de ataque es subir un archivo de imagen en la secci\u00f3n Attachments de un cat\u00e1logo de productos, subir un archivo .php con una acci\u00f3n \\\"Add File Via URL\\\" y cambiar la URL de descripci\u00f3n de la imagen para que haga referencia a la URL .php en el directorio attachments/.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualiteam:x-cart:5.2.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B8E903FF-8AB1-4B3D-B0A4-303E14CC343C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualiteam:x-cart:5.3.1.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"56A18495-7945-4A70-BC1C-F955A2EB010F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualiteam:x-cart:5.3.2.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FCC932CA-D539-4D75-A101-F5892FEE1A32\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:qualiteam:x-cart:5.3.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DBC2B8FB-B386-431C-9321-36A71AECC891\"}]}]}],\"references\":[{\"url\":\"https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://sxcurity.github.io/PHP%20Code%20Injection%20in%20X-Cart.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.