CVE-2008-6394

2009-03-0417:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.006

Percentile

78.7%

JSON

SQL injection vulnerability in core/user.php in CS-Cart 1.3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the cs_cookies[customer_user_id] cookie parameter.

References

secunia.com/advisories/31686

www.gulftech.org/?node=research&article_id=00128-09022008

www.securityfocus.com/archive/1/495907/100/0/threaded

www.securityfocus.com/bid/30979

exchange.xforce.ibmcloud.com/vulnerabilities/44852

www.exploit-db.com/exploits/6352