CVE-2006-4904

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

Date published : 2006-09-20

http://www.securityfocus.com/bid/20108

http://www.gulftech.org/?node=research&article_id=00113-09182006&