CVE-2006-4904

Qualiteam X-Cart <4.1.3 - RCE

Title source: llm

Description

Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.

Exploits (1)

exploitdb WRITEUP
by GulfTech Security · text · webapps · php
https://www.exploit-db.com/exploits/43842

Scores

EPSS 0.0288
EPSS Percentile 86.1%

Classification

Status draft

Affected Products (1)

qualiteam/x-cart < 4.1.3

Timeline

Published Sep 21, 2006
Tracked Since Feb 18, 2026