CVE-2010-3210

Name of the Vulnerable Software and Affected Versions Multi-lingual E-Commerce System version 0.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the include path parameter to various PHP files, including (1) checkout2-CYM.php, (2) checkout2-EN.php, (3) checkout2-FR.php, (4) cat-FR.php, (5) cat-EN.php, (6) cat-CYM.php, (7) checkout1-CYM.php, (8) checkout1-EN.php, (9) checkout1-FR.php, (10) prod-CYM.php, (11) prod-EN.php, and (12) prod-FR.php in the inc/ directory.

Recommendations As a temporary workaround, consider restricting access to the include path parameter in the affected PHP files until a patch is available. Avoid using the include path parameter in the affected API endpoints until the issue is resolved. Restrict access to the inc/ directory to minimize the risk of exploitation.