Description

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.

Remediation

References

CVE-2010-1931

Related Vulnerabilities

e107 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2009-3444)

WordPress Plugin Download Manager Arbitrary File Deletion (3.2.50)

WordPress Plugin Redirection PHP Object Injection (2.7.3)

WordPress Plugin Cookie Notification for WordPress-WP Cookie User Info includes Backdoor [Only if downloaded via the vendor website] (1.0.7)

Perl Out-of-bounds Read Vulnerability (CVE-2015-8608)

Severity

High

Classification

CVE-2010-1931 CWE-138

Tags

Missing Update Known Vulnerabilities