ViArt Shop Remote Code Execution Vulnerability

Summary
ViArt Shop is prone to a remote code-execution vulnerability. Input passed to the 'DATA' POST parameter in 'sips_response.php' is not properly sanitised before being used to process product payment data. This can be exploited to execute arbitrary commands via specially crafted requests. Affected version: 4.1, 4.0.8, 4.0.5
Solution
Updates are available. Please see the references for more information.
References