2 matches found
X-Cart < 4.1.3 - Arbitrary Variable Overwrite Vulnerability
Exploit for php platform in category web applications X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic q...
CVE-2006-4904
CVE-2006-4904 affects Qualiteam X-Cart 4.1.3 and earlier. A vulnerability in the cmpi.php script allows dynamic variable evaluation, permitting an attacker to overwrite arbitrary configuration variables and execute arbitrary PHP code (demonstrated via PHP remote file inclusion using the xcart_dir...