CS-Cart 'product_id' Parameter SQL Injection Vulnerability

Summary
The host is running CS-Cart and is prone to an SQL injection vulnerability.
Impact
Successful exploitation allows an attacker to perform an SQL injection attack and gain sensitive information. Impact Level: Application
Solution
Upgrade to CS-Cart version 2.0.15 or later. For updates, refer to http://www.cs-cart.com/
Insight
The flaw is caused by improper validation of user-supplied input passed via the 'product_id' parameter to index.php, which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
Affected
CS-Cart version 2.0.0 Beta 3