Virtuemart · Aweb Cart Watching System For Virtuemart · CVE-2016-10114
**Name of the Vulnerable Software and Affected Versions**
aWeb Cart Watching System for Virtuemart versions prior to 2.6.1
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via vectors involving `categorysearch` and `smartSearch`.
**Recommendations**
For versions prior to 2.6.1, update to version 2.6.1 or later to resolve the issue.