includes/content/gateway.inc.php in CubeCart 3.0.12 and previous versions, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote malicious users to conduct PHP remote file inclusion attacks.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
devellion cubecart 3.0.12 |