CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in VirtualCart) allows remote attackers to execute arbitrary code via the template parameter.Referenceshttp://marc.info/?l=bugtraq&m=99237435902211&w=2http://archives.neohapsis.com/archives/bugtraq/2001-06/0067.html
