Sql injection

2007-05-2419:30:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

75.0%

JSON

Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.

CPENameOperatorVersion
cubecarteq3.0.16

CPE	Name	Operator	Version
	cubecart	eq	3.0.16

References

osvdb.org/38100

securityreason.com/securityalert/2730

www.securityfocus.com/archive/1/469301/100/0/threaded

www.securityfocus.com/bid/24100

exchange.xforce.ibmcloud.com/vulnerabilities/34460