CVE-2007-4907 Information

Description

Multiple PHP remote file inclusion vulnerabilities in X-Cart allow remote attackers to execute arbitrary PHP code via a URL in the xcart_dir parameter to (1) config.php, (2) prepare.php, (3) smarty.php, (4) customer/product.php, (5) provider/auth.php, and (6) admin/auth.php.

Reference

http://osvdb.org/38972
http://osvdb.org/38973
http://osvdb.org/38974
http://osvdb.org/38976
http://osvdb.org/38977
http://www.securityfocus.com/bid/25637
https://exchange.xforce.ibmcloud.com/vulnerabilities/36574
https://www.exploit-db.com/exploits/4396
