cpe:/a:phpstore:wholesale cpe:/a:phpstore:wholesales CVE-2008-5493 2008-12-12T11:30:00.843-05:00 2017-09-28T21:32:37.917-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-12-12T15:37:00.000-05:00 ALLOWS_OTHER_ACCESS BID 32314 SECUNIA 32741 SREASON 4720 EXPLOIT-DB 7134 VUPEN ADV-2008-3167 MISC http://packetstorm.linuxsecurity.com/0811-exploits/wholesale-sql.txt XF wholesale-track-sql-injection(46626) SQL injection vulnerability in track.php in PHPStore Wholesales (aka Wholesale) allows remote attackers to execute arbitrary SQL commands via the id parameter.