Cs-Cart Server Side Template Injection Remote Code Execution Vulnerability

Attached is a serious security vulnerability that you might want to fix in the latest version of CS-Cart. Some people maybe asking why am I reporting it here in a public forum and not emailing it privately? Well I am unable to find an email address to report security vulnerabilities too. The best I could find was here and this only allows me to submit a bug if I am a customer.
Kind Regards,
Steven Seeley