Full title: Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability Category: web applications Platform: php Cart Engine suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected. # 0day.today @ http://0day.today/