CVE-2007-2862
CubeCart 3.0.16 contains multiple SQL injection vulnerabilities exploitable via an unspecified parameter to cart.inc.php and some files in an include directory. The root cause is missing sanitization of the $option variable, with possible cookie modification. Impact is remote arbitrary SQL execut...