Vulnerabilities > CVE-2006-4904 - Unspecified vulnerability in Qualiteam X-Cart
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN qualiteam
exploit available
Summary
Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 10 |
Exploit-Db
| description | X-Cart < 4.1.3 - Arbitrary Variable Overwrite. CVE-2006-4904. Webapps exploit for PHP platform |
| id | EDB-ID:43842 |
| last seen | 2018-01-24 |
| modified | 2016-08-18 |
| published | 2016-08-18 |
| reporter | Exploit-DB |
| source | https://www.exploit-db.com/download/43842/ |
| title | X-Cart < 4.1.3 - Arbitrary Variable Overwrite |
References
- http://secunia.com/advisories/22005
- http://secunia.com/advisories/22005
- http://www.gulftech.org/?node=research&article_id=00113-09182006&
- http://www.gulftech.org/?node=research&article_id=00113-09182006&
- http://www.securityfocus.com/bid/20108
- http://www.securityfocus.com/bid/20108
- http://www.vupen.com/english/advisories/2006/3692
- http://www.vupen.com/english/advisories/2006/3692
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29005
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29005