CVE-2006-6391

Name of the Vulnerable Software and Affected Versions Open Solution Quick.Cart version 2.0

Description The issue allows remote attackers to include arbitrary files via a .. (dot dot) in the config[db type] parameter to API endpoints such as "actions admin/other.php" and "actions client/gallery.php", particularly when register globals is enabled and magic quotes gpc is disabled.

Recommendations For Open Solution Quick.Cart version 2.0, consider disabling the register globals setting and enabling magic quotes gpc to mitigate the risk of exploitation. Additionally, restrict access to the "actions admin/other.php" and "actions client/gallery.php" API endpoints to minimize the risk of including arbitrary files via the config[db type] parameter.