Description

SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php.

Remediation

References

CVE-2010-1931

Related Vulnerabilities

SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-0971)

Owncloud Cross-site Scripting (XSS) Vulnerability (CVE-2020-16255)

WordPress Plugin Customify-Intuitive Website Styling Cross-Site Request Forgery (2.10.4)

WordPress Plugin WordPress Social Login and Register (Discord, Google, Twitter, LinkedIn) Unspecified Vulnerability (5.1)

Oracle Database Server CVE-2009-1966 Vulnerability (CVE-2009-1966)

Severity

High

Classification

CVE-2010-1931 CWE-138

Tags

Missing Update Known Vulnerabilities