SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2022-10-03T16:20:38
Updated: 2022-10-03T16:20:38
Reserved: 2022-10-03T00:00:00
Link: CVE-2014-8306
NVD Information
Status: Analyzed
Published: 2014-10-16T19:55:17.737
Modified: 2014-12-16T17:26:12.217
Link: CVE-2014-8306
Redhat Information
No data.