CVE-2007-2474 Information

Description

Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools SunShop Shopping Cart 4.0 allow remote attackers to execute arbitrary PHP code via a URL in the abs_path parameter to (1) include/payment/payflow_pro.php (2) global.php or (3) libsecure.php different vectors than CVE-2007-2070.

Reference

http://www.securityfocus.com/archive/1/466850/100/0/threaded http://www.securityfocus.com/bid/23662