SQL injection vulnerability in index.php in CubeCart 4.3.3 allows remote malicious users to execute arbitrary SQL commands via the searchStr parameter.
cubecart cubecart 4.3.3