SQL Injection Vulnerability in CS-Cart by CS-Cart Inc.
CVE-2009-4891

Currently unrated

Key Information:

Vendor: Cs-cart
Status: Cs-cart
Vendor: CVE Published:; 11 June 2010

What is CVE-2009-4891?

A SQL injection vulnerability exists in the index.php file of CS-Cart 2.0.0 Beta 3, enabling remote attackers to execute arbitrary SQL commands through the 'product_id' parameter when using the products.view action. This flaw poses a significant risk by allowing attackers to manipulate the database and potentially gain access to sensitive information.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/49154

vdb-entryx_refsource_XF

http://www.exploit-db.com/exploits/8184

exploitx_refsource_EXPLOIT-DB

http://www.securityfocus.com/bid/34048

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 11, 2010
Vulnerability Reserved
Jun 11, 2010

Cs-cart

What is CVE-2009-4891?

References

Timeline