CVE-2006-4267
Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the 1 oid parameter in modules/gateway/Protx/confirmed.php and the 2 xinvoicenum parameter in modules/gateway/Authorize/confirmed.php...