SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.
References
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 01:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://forums.cubecart.com/index.php?showtopic=39900 - | |
References | () http://osvdb.org/60306 - | |
References | () http://secunia.com/advisories/37402 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/37065 - | |
References | () http://www.vupen.com/english/advisories/2009/3290 - Vendor Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/54331 - |
Information
Published : 2009-11-24 02:30
Updated : 2024-11-21 01:08
NVD link : CVE-2009-4060
Mitre link : CVE-2009-4060
CVE.ORG link : CVE-2009-4060
JSON object : View
Products Affected
cubecart
- cubecart
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')