includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
References
Configurations
History
No history.
Information
Published : 2006-09-01 23:04
Updated : 2024-02-04 16:52
NVD link : CVE-2006-4527
Mitre link : CVE-2006-4527
CVE.ORG link : CVE-2006-4527
JSON object : View
Products Affected
devellion
- cubecart
CWE