CVE-2005-1289

E-Cart 2004 <1.1 - RCE

Title source: llm

Description

index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.

Exploits (1)

exploitdb WORKING POC VERIFIED

by z · perlwebappscgi

https://www.exploit-db.com/exploits/954

View Code ZIP pw:eip

References (3)

[Exploit] http://securitytracker.com/id?1013780

[Third Party Advisory] http://secunia.com/advisories/15054

[Mailing List] http://marc.info/?l=bugtraq&m=111428818425864&w=2

Scores

EPSS 0.0869

EPSS Percentile 92.5%

Details

Status published

Products (1)

e-cart/e-cart 2004_1.1

Published May 02, 2005

Tracked Since Feb 18, 2026