Download
| Alert*
CVE-2010-1931
SQL injection vulnerability in includes/content/cart.inc.php in CubeCart PHP Shopping cart 4.3.4 through 4.3.9 allows remote attackers to execute arbitrary SQL commands via the shipKey parameter to index.php. CVE-2018-20716 CubeCart before 6.1.13 has SQL Injection via the validate[] parameter of the "I forgot my Password!" feature. |