Title: cgiCentral Webstore Administrator Authentication Bypass Vulnerability
Severity: HIGH
Description:
cgiCentral's Webstore is a shopping cart application which processes and manages online purchases.
A vulnerability exists in Webstore which may allow attackers to obtain administrative privileges. The vulnerability occurs during the authentication process and is due to NULL bytes not being filtered.
During the authentication process, the 'WSSecurity.pl' script attempts to open a file containing user information.
The file that is opened has a filename partially composed of user input. If this file does not exist, the authentication process fails. Due to a lack of filtering of NULL bytes, it is possible to cause an arbitrary file to be opened. This may allow users to bypass the authentication process and gain administrative privileges in Webstore.
In combination with BID 2861, an attacker may be able to execute arbitrary commands on a webserver running Webstore.
Bugtraq ID 2861 describes a vulnerability involving unchecked user input being passed to system(). The vulnerable part of the script can only be executed by clients with administrative privileges. The authentication bypass described here may therefore allow a remote attacker to exploit BID 2861 and execute commands on the webserver.
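The filename handling described above, as an added Perl example (not code from WebStore or from this advisory): it shows how a NUL byte in user input cuts off a suffix the script appends, and an allowlist check that rejects such input before any file is opened. The directory, suffix and function names are assumptions for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical layout: one record file per user, "<dir>/<name><suffix>".
# These values are assumptions, not WebStore's real paths.
my $USER_DIR    = '/var/webstore/users';
my $USER_SUFFIX = '.usr';

# What a C-level open() receives: the string ends at the first NUL byte,
# so anything the script appended after the user input is dropped.
sub path_as_seen_by_os {
    my ($path) = @_;
    (my $visible = $path) =~ s/\0.*\z//s;
    return $visible;
}

# Allowlist check: returns the user file path, or nothing if the name is
# not a plain 1-32 character identifier. NUL, '/', '\' and '.' never pass.
sub user_file_for {
    my ($name) = @_;
    return unless defined $name;
    return unless $name =~ /\A[A-Za-z0-9_-]{1,32}\z/;
    return "$USER_DIR/$name$USER_SUFFIX";
}

# Constructed sample inputs.
my @samples = ('alice', "alice\0", "other/file\0", 'bob.smith', '');

for my $name (@samples) {
    (my $shown = $name) =~ s/\0/\\0/g;           # make the NUL visible
    my $naive = "$USER_DIR/$name$USER_SUFFIX";   # unchecked concatenation
    my $safe  = user_file_for($name);
    printf "%-16s unchecked open sees: %-34s checked: %s\n",
        "'$shown'",
        path_as_seen_by_os($naive),
        defined $safe ? $safe : 'REJECTED';
}
```

Failing authentication outright when the check rejects a name, rather than stripping the offending bytes and continuing, keeps the file lookup limited to names the application itself could have created.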
Affected Products:
- cgiCentral WebStore 400 4.14.0
- cgiCentral WebStore 400CS 4.14.0
References:
- cgiCentral: cgiCentral Webpage