Carello E-Commerce Carello.dll Command Execution

high Nessus Plugin ID 11776

Synopsis

The remote web application has a command execution vulnerability.

Description

The remote host appears to be running Carello.dll, a web-based shopping cart.

Versions up to 1.3 of this web shopping cart have a command execution vulnerability. This could allow a remote attacker to run arbitrary commands on the system with the privileges of the web server.

*** Note that no attack was performed, and the version number was not checked, so this might be a false alert.

Solution

Upgrade to the latest version of the software.

See Also

https://www.westpoint.ltd.uk/advisories/wp-02-0012.txt

Plugin Details

Severity: High

ID: 11776

File Name: carello.nasl

Version: 1.21

Type: remote

Family: CGI abuses

Published: 6/26/2003

Updated: 1/19/2021

Configuration: Enable paranoid mode

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.1

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

Required KB Items: Settings/ParanoidReport

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 5/14/2001

Reference Information

CVE: CVE-2001-0614

BID: 2729