CVE-2001-0614

Carello E-Commerce <1.2.1 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2001-0614. PoCs published by Peter Gründl.

AI-analyzed exploit summary This exploit leverages a command injection vulnerability in Carello Shopping Cart software by sending a crafted HTTP request to execute arbitrary commands via the VBEXE parameter. The payload demonstrates command execution by writing to a file, exploiting a lack of input validation in the Carello.dll component.

Description

Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Peter Gründl · textremotewindows
https://www.exploit-db.com/exploits/20850

This exploit leverages a command injection vulnerability in Carello Shopping Cart software by sending a crafted HTTP request to execute arbitrary commands via the VBEXE parameter. The payload demonstrates command execution by writing to a file, exploiting a lack of input validation in the Carello.dll component.

Classification
Working Poc 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Reliable
Target: Carello Shopping Cart (version unspecified)
No auth needed
Prerequisites: Network access to the target web server · Carello Shopping Cart software installed and accessible
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/6532
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=98991352402073&w=2

Scores

EPSS 0.0316
EPSS Percentile 86.4%

Details

Status published
Products (1)
carello/e-commerce < 1.2.1
Published Aug 22, 2001
Tracked Since Feb 18, 2026