includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks.
Max CVSS
2.6
EPSS Score
0.33%
Published
2006-09-01
Updated
2008-09-05
1 vulnerabilities found