CVE-2006-4267

Devellion Cubecart - SQL Injection

Description

Multiple SQL injection vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) oid parameter in modules/gateway/Protx/confirmed.php and the (2) x_invoice_num parameter in modules/gateway/Authorize/confirmed.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/2198

Scores

EPSS 0.0363
EPSS Percentile 87.8%

Details

Status published
Products (6)
devellion/cubecart 3.0.3
devellion/cubecart 3.0.4
devellion/cubecart 3.0.6
devellion/cubecart 3.0.7
devellion/cubecart 3.0.7-pl1
devellion/cubecart 3.0.11
Published Aug 21, 2006
Tracked Since Feb 18, 2026