{ "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-4527", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allows remote attackers to conduct PHP remote file inclusion attacks." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "21659", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21659" }, { "name": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697", "refsource": "CONFIRM", "url": "http://www.cubecart.com/site/forums/index.php?s=5e34938dc670782af211587b8a450c90&act=Attach&type=post&id=697" }, { "name": "19782", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19782" }, { "name": "http://cubecart.com/site/forums/index.php?showtopic=21540", "refsource": "CONFIRM", "url": "http://cubecart.com/site/forums/index.php?showtopic=21540" }, { "name": "http://www.gulftech.org/?node=research&article_id=00111-08282006&", "refsource": "MISC", "url": "http://www.gulftech.org/?node=research&article_id=00111-08282006&" } ] } }