Description

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

Remediation

References

CVE-2009-4060

Related Vulnerabilities

WordPress Plugin Forms-Form builder and Contact form Multiple Unspecified Vulnerabilities (1.4.7)

WordPress 3.8.x Multiple Vulnerabilities (3.8 - 3.8.17)

WordPress Plugin Sermon Browser Multiple Cross-Site Scripting Vulnerabilities (0.45.15)

WordPress Plugin Calendar_plugin Cross-Site Scripting (1.0)

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0 - 4.7.5)

Severity

High

Classification

CVE-2009-4060 CWE-138

Tags

Missing Update Known Vulnerabilities