CVE-2014-8306

2022-10-0316:20:38

mitre

www.cve.org

cve-2014-8306

sql injection

cart.php

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.1%

JSON

SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine before 4.0 allows remote attackers to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.

References

seclists.org/fulldisclosure/2014/Sep/55

www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect