Description

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

Remediation

References

CVE-2009-4060

Related Vulnerabilities

SharePoint CVE-2021-1707 Vulnerability (CVE-2021-1707)

WordPress Plugin Author Chat Unspecified Vulnerability (1.9.0)

WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability (0.71 - 2.6.1)

Oracle Application Server CVE-2006-3706 Vulnerability (CVE-2006-3706)

WordPress Plugin SecuPress Free-WordPress Security Security Bypass (1.4.13)

Severity

High

Classification

CVE-2009-4060 CWE-138

Tags

Missing Update Known Vulnerabilities