Vulnerabilities > CVE-2006-4904 - Unspecified vulnerability in Qualiteam X-Cart

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

qualiteam

exploit available

NVD

Published: 2006-09-21

Updated: 2017-07-20

Summary

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

Vulnerable Configurations

Part	Description	Count
Application	Qualiteam Qualiteam X Cart 3.2.0 Qualiteam X Cart 3.2.1 Qualiteam X Cart 3.3.0 Qualiteam X Cart 3.3.2 Qualiteam X Cart 3.4.0 Qualiteam X Cart 3.4.3 Qualiteam X Cart 3.4.11 Qualiteam X Cart 3.5.0 Qualiteam X Cart 4.0.8 Qualiteam X Cart 4.1.3	10

Exploit-Db

description	X-Cart < 4.1.3 - Arbitrary Variable Overwrite. CVE-2006-4904. Webapps exploit for PHP platform
id	EDB-ID:43842
last seen	2018-01-24
modified	2016-08-18
published	2016-08-18
reporter	Exploit-DB
source	https://www.exploit-db.com/download/43842/
title	X-Cart < 4.1.3 - Arbitrary Variable Overwrite

Summary

Vulnerable Configurations

Exploit-Db

References