PHP remote file inclusion vulnerability in admin/controls/cart.php in sazcart 1.5 allows remote attackers to execute arbitrary PHP code via the (1) _saz[settings][shippingfolder] and (2) _saz[settings][taxfolder] parameters. Successful exploitation requires that "register_globals" is enabled.
Publication date: Mon, 06 Nov 2006 23:07:00 +0000