CVE-2008-0911

Iscripts Multicart - SQL Injection

Title source: rule

Description

SQL injection vulnerability in productdetails.php in iScripts MultiCart 2.0 allows remote authenticated users to execute arbitrary SQL commands via the productid parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by t0pP8uZz · htmlwebappsphp

https://www.exploit-db.com/exploits/5166

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/27916

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/5166

[Vendor Advisory] http://secunia.com/advisories/29018

Scores

EPSS 0.0046

EPSS Percentile 64.2%

Details

CWE

CWE-89

Status published

Products (1)

iscripts/multicart 2.0

Published Feb 22, 2008

Tracked Since Feb 18, 2026