Qualiteam X-Cart CMPI.PHP Arbitrary Variable Overwrite Vulnerability

Qualiteam X-Cart is prone to a vulnerability that permits an attacker to overwrite arbitrary variables. This issue is due to a design flaw in handling HTTP POST variables.

An attacker can exploit this issue to overwrite the arbitrary variables with arbitrary input. Through control of the global variables, the attacker may be able to perform remote and local file-include, cross-site scripting, SQL-injection, and other attacks. This may facilitate a complete remote compromise of the application.


 

Privacy Statement
Copyright 2010, SecurityFocus