Exploitation Summary
EIP tracks 1 public exploit for CVE-2001-0614. PoCs published by Peter Gründl.
AI-analyzed exploit summary: This exploit leverages a command injection vulnerability in Carello Shopping Cart software by sending a crafted HTTP request to execute arbitrary commands via the VBEXE parameter. The payload demonstrates command execution by writing to a file, exploiting a lack of input validation in the Carello.dll component.
Description
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL.