CVE-2015-9227

Name of the Vulnerable Software and Affected Versions AlegroCart version 1.2.8

Description The issue allows remote administrators to execute arbitrary PHP code via a URL in the file path parameter to "upload/admin2". This is a result of a PHP remote file inclusion vulnerability in the get file function in upload/admin2/controller/report logs.php.

Recommendations For AlegroCart version 1.2.8, consider restricting access to the get file function in upload/admin2/controller/report logs.php to minimize the risk of exploitation. Avoid using the file path parameter in the affected URL until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.