
Breakingtech

#19898 of 53,608
13 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2020-7663
6.5
2020-01-31
Zeuscart · Zeuscart · CVE-2014-3868
**Name of the Vulnerable Software and Affected Versions** ZeusCart versions 4.x

**Description** The issue involves multiple SQL injection vulnerabilities.

**Recommendations** For ZeusCart versions 4.x, update to a version that includes a fix for these SQL injection vulnerabilities.

PT-2020-7709
6.5
2020-01-03
Unknown · Loaded Commerce · CVE-2014-5140
**Name of the Vulnerable Software and Affected Versions** Loaded Commerce version 7

**Description** The issue concerns the bindReplace function in the query factory, which fails to properly handle colon characters. This allows remote authenticated users to conduct SQL injection attacks through the First name and Last name fields in the address book.

**Recommendations** For Loaded Commerce version 7, consider restricting access to the address book fields until a proper fix is applied, and ensure that user input is thoroughly sanitized to prevent SQL injection attacks. As a temporary workaround, consider disabling the bindReplace function in the query factory until a patch is available.