CVE-2007-3520
CVE-2007-3520 describes a SQL injection in the Easybe 1-2-3 Music Store, via the parameter CategoryID in process.php, allowing remote attackers to execute arbitrary SQL commands. The root cause is unsafely handling the CategoryID input, enabling injected SQL through the web interface. Documented ...