ShopPlus Arbitrary Command Execution Network Vulnerability

Summary

The ShopPlus CGI is installed. Some versions of this CGI suffer from a vulnerability that allows execution of arbitrary commands with the security privileges of the web server.

Solution

Upgrade to the latest version available by contacting the author of the program. Additional information: http://www.securiteam.com/unixfocus/5PP021P5FK.html

Severity

Classification

CVE CVE-2001-0992

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Apache Archiva Multiple Remote Command Execution Vulnerabilities
Arkeia Appliance Path Traversal Vulnerability
AV Arcade 'ava_code' Cookie Parameter SQL Injection Vulnerability
Acute Control Panel SQL Injection Vulnerability and Remote File Include Vulnerability
Avenger's News System Command Execution

Take action and discover your vulnerabilities