bug

Hi, I'm reposting a bug I've found some time before. Thanks WebStore from www.cgicentral.net is a shopping cart allowing users to buy things on-line. One of the scripts in the package, wsmail.cgi unsafely passes user-submitted data to 'system' command: if $in'terminate' eval system"kill $in'kill'...