RCE via CSRF in osCommerce
|Vulnerable Versions:||2.3.4 and probably prior|
|Advisory Publication:||December 21, 2015 [without technical details]|
|Vendor Notification:||December 21, 2015|
|Public Disclosure:||February 17, 2016|
|Vulnerability Type:||PHP File Inclusion [CWE-98]|
|CVSSv3 Base Score:||5.8 [CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:L/A:L]|
|Discovered and Provided:||High-Tech Bridge Security Research Lab|
High-Tech Bridge Security Research Lab discovered vulnerability in popular e-commerce software osCommerce with 280,000 store owners (according to the vendor). The vulnerability can be exploited to execute arbitrary PHP code on the remote system, compromise the vulnerable web application, its database and even the web server and related environment.
2015-12-21 Vendor notified via emails, no reply.
2016-01-06 Vendor notified via emails and forum, no reply.
2016-01-13 Fix Requested via emails, no reply.
2016-01-19 Fix Requested via emails, no reply.
2016-02-17 Public disclosure.
Currently we are not aware of any official solution for this vulnerability.
| High-Tech Bridge Advisory HTB23284 - https://www.immuniweb.com/advisory/HTB23284 - RCE via CSRF in osCommerce|
 osCommerce - http://www.oscommerce.com/ - osCommerce Online Merchant is a complete self-hosted online store solution that contains both a catalog frontend and an administration tool backend which can be easily installed and configured through a web-based installation procedure.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
 ImmuniWeb® - Leveraging the power of machine-learning and genius of human brain to deliver the most advanced web application security and penetration testing.
 ImmuniWeb® SSLScan - Test your servers for security and compliance with PCI DSS, HIPAA and NIST.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.