Enune

**Name of the Vulnerable Software and Affected Versions** phpShop versions 0.7.1 and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code by modifying the `base dir` parameter to reference a URL on a remote web server that contains phpshop.cfg. This is achieved through a remote file inclusion vulnerability in the index.php file. **Recommendations** For phpShop versions 0.7.1 and earlier, avoid using the `base dir` parameter to reference external URLs until a fix is available. As a temporary workaround, consider restricting access to the index.php file to minimize the risk of exploitation.