X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via the perl_binary argument in (1) upgrade.php or (2) general.php.
Name | Vendor | Start Version | End Version |
---|---|---|---|
X-cart | Qualiteam | 3.2.0 (including) | 3.2.0 (including) |
X-cart | Qualiteam | 3.2.1 (including) | 3.2.1 (including) |
X-cart | Qualiteam | 3.3.0 (including) | 3.3.0 (including) |
X-cart | Qualiteam | 3.3.2 (including) | 3.3.2 (including) |
X-cart | Qualiteam | 3.4.0 (including) | 3.4.0 (including) |
X-cart | Qualiteam | 3.4.3 (including) | 3.4.3 (including) |
X-cart | Qualiteam | 3.4.11 (including) | 3.4.11 (including) |