CVE-2018-19468
HuCart 5.7.4 is vulnerable to SQL injection in get_ip() (system/class/helper_class.php) via the X-Forwarded-For HTTP header, exploitable at user/index.php?load=login&act=act_login. Affected component: get_ip() function; root cause: insufficient validation/filtering of HTTP header data leading to ...