Full title: Cart Engine 3.0.0 (task.php) Local File Inclusion Vulnerability 
Category: web applications
Platform: php
Cart Engine suffers from an authenticated file inclusion vulnerability (LFI) when input passed thru the 'run' parameter to task.php is not properly verified before being used to include files. This can be exploited to include files from local resources with directory traversal attacks. Version 3.0.0 is affected.

# 0day.today @ http://0day.today/