ECshop history patch new backdoor Vulnerability
Release date:
Updated on:
Affected Systems:
ECShop 273utf8_patch006
Description:
--------------------------------------------------------------------------------
ECSHOP is an open-source online shop system.
ECSHOP 273utf8_patch006 the history patch package has been tampered with \ admin \ privilege. php, and malicious backdoors exist in implementation, which can cause leakage of sensitive information.
<* Source: Qi Ji
Link: http://www.wooyun.org/bugs/wooyun-2010-024796
Http://bbs.jiasule.com/thread-3819-1-1.html
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
ECShop
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://www.ecshop.com/
Http://bbs.ecshop.com/thread-1130889-1-1.html