PHP remote file inclusion vulnerability in _functions.php in cpCommerce 0.5f allows remote malicious users to execute arbitrary code via the prefix parameter.
cpcommerce cpcommerce 0.5f