Pedro Sanches

**Name of the Vulnerable Software and Affected Versions** CubeCart version 2.0.1 **Description** The issue allows remote attackers to gain sensitive information via an HTTP request with an invalid `cat id` parameter, which reveals the full path in a PHP error message. **Recommendations** For CubeCart version 2.0.1, consider validating and sanitizing the `cat id` parameter to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the `index.php` file until a patch is available.