cpe:/a:xt-commerce:xt%3acommerce:3.0.4 CVE-2008-6304 2009-02-26T18:30:00.343-05:00 2017-08-16T21:29:12.630-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-27T11:32:00.000-05:00 BID 32398 SECUNIA 32830 CONFIRM http://www.xt-commerce.com/blog/xtcommerce-news/sicherheitspatch-fuer-version-304-sp21.html XF xtcommerce-unspecified-sql-injection(46757) SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.