Description

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

Remediation

References

CVE-2009-4060

Related Vulnerabilities

WordPress 4.9.x PHP Object Injection (4.9 - 4.9.17)

Ruby Improper Input Validation Vulnerability (CVE-2013-1821)

WordPress Plugin Translate WordPress-Google Language Translator Cross-Site Scripting (4.0.9)

WordPress Plugin WP Songbook Cross-Site Scripting (2.0.11)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-1159)

Severity

High

Classification

CVE-2009-4060 CWE-138

Tags

Missing Update Known Vulnerabilities