CVE-2009-1936

Name of the Vulnerable Software and Affected Versions: cpCommerce versions 1.2.x, possibly including 1.2.9

Description: The issue allows remote attackers to bypass a protection mechanism, enabling them to conduct remote file inclusion and directory traversal attacks, execute arbitrary PHP code, or read arbitrary files. This is achieved via the GLOBALS[prefix] parameter.

Recommendations: For cpCommerce versions 1.2.x, possibly including 1.2.9, consider restricting access to the functions.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the GLOBALS[prefix] parameter in the affected file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.