Make0Day

**Name of the Vulnerable Software and Affected Versions** TECHNOTE version 7.2 **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `shop this skin path` parameter when `register globals` is enabled. This is a different vector than previously identified issues. **Recommendations** For TECHNOTE version 7.2, consider disabling the `register globals` setting to prevent exploitation until a patch is available. Restrict access to the `skin shop/standard/2 view body/body default.php` file to minimize the risk of exploitation. Avoid using the `shop this skin path` parameter in the affected file until the issue is resolved.