CVE-2006-4527

Name of the Vulnerable Software and Affected Versions CubeCart versions 3.0.12 and earlier

Description The issue arises from an insufficiently restrictive regular expression used to validate the gateway parameter in the includes/content/gateway.inc.php file. This allows remote attackers to conduct PHP remote file inclusion attacks when magic quotes gpc is disabled.

Recommendations For CubeCart versions 3.0.12 and earlier, update to a version where the gateway parameter validation has been improved to prevent PHP remote file inclusion attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.