vendor:
ppalCart
by:
momo26
9,3
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: ppalCart
Affected Version From: 2.5 EE
Affected Version To: 2.5 EE
Patch Exists: NO
Related CWE: N/A
CPE: a:profitcode:ppalcart:2.5_ee
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020
ppalCart V(2.5 EE) Remote File Inclusion
ppalCart V(2.5 EE) is vulnerable to a Remote File Inclusion vulnerability due to the lack of proper sanitization of user-supplied input. An attacker can exploit this vulnerability by sending a malicious URL in the 'proMod' parameter of the 'index.php' and 'mainpage.php' files. This can allow the attacker to execute arbitrary code on the vulnerable system.
Mitigation:
Input validation should be used to ensure that user-supplied input is properly sanitized.
