Description
SQL injection vulnerability in index.php in PHP Shopping Cart Selling Website Script allows remote attackers to execute arbitrary SQL commands via the cid parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by 599eme Man · textwebappsphp
https://www.exploit-db.com/exploits/34711
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/0907-exploits/scsc-sqlxss.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35894
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/1977
Scores
EPSS
0.0056
EPSS Percentile
68.3%
Details
CWE
CWE-89
Status
published
Products (1)
resalecode/php_shopping_cart_selling_website_script
Published
Mar 10, 2010
Tracked Since
Feb 18, 2026