Dynamic variable evaluation vulnerability in cmpi.php in Qualiteam X-Cart 4.1.3 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code, as demonstrated by PHP remote file inclusion via the xcart_dir parameter.
Score: 0.0
Priority: Unclassified
Score: 0.04694
Percentile:
0.88897
CVSS v2 Score: 7.5
Severity: