EXPLOITDB-EDB-14117

EXPLOITDB text VERIFIED WRITEUP
Exploit for CVE-2010-1931 - Cubecart - SQL Injection
AI Analysis

The advisory describes an SQL injection vulnerability in CubeCart versions 4.3.4 to 4.3.9, where the 'shipKey' parameter in a POST request to 'index.php' is not properly sanitized, allowing arbitrary SQL code execution. The vulnerability is patched in version 4.4.0.

Attack Type
SQLi
Complexity
trivial
Reliability
reliable
MITRE ATT&CK
T1189 - Drive-by Compromise
Loading exploit code...
Download ZIP Password: eip
Source
Platform Exploitdb
Type webapps
Platform multiple
Language text
Files 1
Authors
Core Security 7Safe
Vulnerability
CVE-2010-1931
Cubecart - SQL Injection