Description
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Vision Interactive For WordPress Cross-Site Scripting (1.4.4)
Jenkins Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-2612)
WordPress Plugin WHIZZ Cross-Site Request Forgery (1.1)
WordPress Plugin Rencontre-Dating Site Multiple Vulnerabilities (3.1.2)
MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5252)