CVE-2001-0985

Hassan Consulting Shopping Cart 1.23 - RCE

Title source: llm

Description

shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Alexey Sintsov · perlremotecgi

https://www.exploit-db.com/exploits/21104

View Code ZIP pw:eip

References (4)

[Exploit, Vendor Advisory] http://www.securityfocus.com/bid/3308

[Vendor Advisory] http://www.securityfocus.com/archive/1/212827

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/7106

[Patch] http://www.irata.com/shopver.html

Scores

EPSS 0.0758

EPSS Percentile 91.9%

Details

Status published

Products (1)

hassan_consulting/shopping_cart 1.23

Published Sep 08, 2001

Tracked Since Feb 18, 2026