SQL injection vulnerability in the sql_query function in cart.php in C97net Cart Engine prior to 4.0 allows remote malicious users to execute arbitrary SQL commands via the item_id variable, as demonstrated by the (1) item_id[0] or (2) item_id[] parameter.
Vulnerable Product: c97 cart engine
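A defensive pattern for the parameter shape named in the description, as an added example that is neither Cart Engine code nor the vendor's fix: it checks the type of `item_id` before use and binds the values in a prepared statement. The `items` table and both function names are hypothetical, and the script assumes PHP 8 with the pdo_sqlite extension.

```php
<?php
// Added illustration, not Cart Engine source; the `items` table and the
// function names are hypothetical.
// PHP parses item_id[0]=x or item_id[]=x into an array, so a handler that
// expects a scalar has to check the type before the value gets near SQL.
function normalize_item_ids(mixed $raw): array
{
    // Keys are discarded; the 50-element cap is an arbitrary demo limit.
    $values = is_array($raw) ? array_values($raw) : [$raw];
    if ($values === [] || count($values) > 50) {
        throw new InvalidArgumentException('item_id: bad element count');
    }
    $ids = [];
    foreach ($values as $v) {
        // Nested arrays, booleans and non-numeric strings are rejected, not cast.
        $id = (is_string($v) || is_int($v))
            ? filter_var($v, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        if ($id === false) {
            throw new InvalidArgumentException('item_id: not a positive integer');
        }
        $ids[] = $id;
    }
    return $ids;
}

function fetch_items(PDO $db, mixed $raw): array
{
    $ids = normalize_item_ids($raw);
    // One placeholder per id; values are bound, never concatenated.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("SELECT id, name FROM items WHERE id IN ($marks) ORDER BY id");
    $stmt->execute($ids);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->exec("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO items VALUES (1,'mug'),(2,'shirt'),(3,'poster')");

// Constructed values, shaped as PHP would expose them in $_GET['item_id'].
foreach (['2', ['1', '3'], ['1 OR 1=1'], [['1']]] as $raw) {
    try {
        echo json_encode($raw), ' -> ', json_encode(fetch_items($db, $raw)), PHP_EOL;
    } catch (InvalidArgumentException $e) {
        echo json_encode($raw), ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```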