SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote malicious users to execute arbitrary SQL commands via the id_document parameter.
cpcommerce cpcommerce 1.2.8