quikstore.cgi in Quikstore Shopping Cart allows remote attackers to execute arbitrary commands via shell metacharacters in the URL portion of an HTTP GET request.Referenceshttp://www.kb.cert.org/vuls/id/671444
