PT-2007-5620 · Squirrelcart · Squirrelcart

Shai Magal · Published 2007-08-21 · Updated 2017-09-29 · CVE-2007-4439

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Squirrelcart versions 1.x.x and earlier

Description

The issue allows remote attackers to execute arbitrary PHP code via a URL in the site_isp_root parameter, probably related to cart.php. It can be exploited by supplying a malicious URL in the vulnerable parameter, potentially leading to the execution of arbitrary code.

Recommendations

For Squirrelcart versions 1.x.x and earlier, restrict access to the popup_window.php file and avoid using the site_isp_root parameter until a fix is available. As a temporary workaround, consider validating and sanitizing all input to the site_isp_root parameter to prevent malicious URLs from being executed.

Related identifiers

CVE-2007-4439

Affected products

Squirrelcart