Shai Magal

**Name of the Vulnerable Software and Affected Versions** Squirrelcart versions 1.x.x and earlier **Description** The issue allows remote attackers to execute arbitrary PHP code via a URL in the `site isp root` parameter, probably related to `cart.php`. This can be exploited by providing a malicious URL to the vulnerable parameter, potentially leading to the execution of arbitrary code. **Recommendations** For Squirrelcart versions 1.x.x and earlier, restrict access to the `popup window.php` file and avoid using the `site isp root` parameter until a fix is available. As a temporary workaround, consider validating and sanitizing all input to the `site isp root` parameter to prevent malicious URLs from being executed.