Description
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2005-3392)
Django Incorrect Default Permissions Vulnerability (CVE-2020-24583)
WordPress Plugin Advanced Shipping Validation for WooCommerce Cross-Site Scripting (1.0.0)
Apache Traffic Server Improper Input Validation Vulnerability (CVE-2021-44040)
XWiki Incorrect Use of Privileged APIs Vulnerability (CVE-2022-24821)