Full title: Cart Engine 3.0.0 Remote Code Execution Vulnerability 
Category: web applications
Platform: php
Cart Engine suffers from an authenticated arbitrary code execution. The vulnerability is caused due to the improper verification of uploaded files in several modules thru several POST parameters. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script file that will be stored in '/public/image' directory. Version 3.0.0 is affected.

# 0day.today @ http://0day.today/