CVE-2007-2424

Name of the Vulnerable Software and Affected Versions The Merchant (themerchant) version 2.2

Description A remote file inclusion issue in the help/index.php file allows remote attackers to execute arbitrary PHP code via a URL in the show parameter.

Recommendations For version 2.2, update the help/index.php file to properly validate and sanitize the show parameter to prevent remote file inclusion attacks. As a temporary workaround, consider restricting access to the help/index.php file until a patch is available.