This issues due to insufficient verification of the various input values from user’s input. The vulnerability allows remote attackers to execute malicious code in Firstmall via navercheckout_add function.
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=36469