X-Cart 3.4.3 allows remote attackers to gain sensitive information via a mode parameter with (1) phpinfo command or (2) perlinfo command.
Software | From | Fixed in |
---|---|---|
qualiteam / x-cart | 3.2.0 | 3.2.0.x |
qualiteam / x-cart | 3.2.1 | 3.2.1.x |
qualiteam / x-cart | 3.3.0 | 3.3.0.x |
qualiteam / x-cart | 3.3.2 | 3.3.2.x |
qualiteam / x-cart | 3.4.0 | 3.4.0.x |
qualiteam / x-cart | 3.4.11 | 3.4.11.x |
qualiteam / x-cart | 3.4.3 | 3.4.3.x |