ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded .. sequences in the ftoedit parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Payprocart | Profitcode | 3.0 (including) | 3.0 (including) |