CS-Cart
cpe:2.3:a:cs-cart:cs-cart:*:*:*:*:*:*:*
- 4.18.3
A file upload vulnerability in CS-Cart version 4.18.3 allows attackers to execute arbitrary code. The application permits unrestricted uploads of HTML files, which are directly rendered in the browser. This vulnerability enables attackers to upload crafted HTML files containing malicious content, such as fake login forms for credential harvesting or scripts for Cross-Site Scripting (XSS) attacks. Since the uploaded content is served from a trusted domain, the likelihood of successful phishing or script execution against other users is significantly increased.
Exploitation of this vulnerability allows attackers to upload and execute malicious HTML files, which can be used for phishing attacks, credential theft, or Cross-Site Scripting (XSS) exploits.
To address this vulnerability, block HTML files and similar extensions at the upload level. Implement server-side MIME type checks, use 'Content-Disposition: attachment' headers to force file downloads, and consider sandboxing or quarantining user-uploaded content.
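One way to implement the checks above, as an added example that is not CS-Cart code or part of the original advisory. The function names, the extension sets, the magic-byte allowlist and the use of a `Content-Security-Policy: sandbox` header are assumptions chosen for illustration.

```python
import re
from pathlib import PurePosixPath

# Assumed policy: extensions a browser may render as active content.
ACTIVE_EXTENSIONS = {".html", ".htm", ".xhtml", ".shtml", ".svg", ".xml", ".mht"}
# Assumed allowlist: extension -> magic bytes the file must start with.
ALLOWED_MAGIC = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".jpeg": b"\xff\xd8\xff",
    ".gif": b"GIF8",
    ".pdf": b"%PDF-",
}
# Markup markers looked for in the head of the file, case-insensitively.
HTML_MARKERS = re.compile(rb"<\s*(!doctype\s+html|html|head|body|script|iframe|svg|form)\b", re.I)


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for an uploaded file, judged server-side."""
    name = PurePosixPath(filename.replace("\\", "/")).name
    # Check every suffix so "page.html.png" or "x.HTML" cannot slip through.
    suffixes = [s.lower() for s in PurePosixPath(name).suffixes]
    if not suffixes:
        return False, "no extension"
    if any(s in ACTIVE_EXTENSIONS for s in suffixes):
        return False, "active-content extension"
    magic = ALLOWED_MAGIC.get(suffixes[-1])
    if magic is None:
        return False, "extension not on allowlist"
    if not data.startswith(magic):
        return False, "content does not match extension"
    if HTML_MARKERS.search(data[:1024]):
        return False, "markup found in file head"
    return True, "ok"


def download_headers(stored_name: str) -> dict[str, str]:
    """Headers that make the browser save the file instead of rendering it."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", stored_name)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
        "Content-Security-Policy": "sandbox; default-src 'none'",
    }
```

The validation ignores the client-supplied `Content-Type` entirely and judges only the file name and bytes received by the server; the download headers apply to every user-uploaded file, including ones that passed validation.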