CubeCart · CubeCart · CVE-2009-4060
**Name of the Vulnerable Software and Affected Versions**
CubeCart versions prior to 4.3.7
**Description**
The issue is a SQL injection vulnerability: it allows remote attackers to execute arbitrary SQL commands via the `productId` parameter in the `includes/content/viewProd.inc.php` file.
**Recommendations**
For versions prior to 4.3.7, update to version 4.3.7 or later to resolve the issue. As a temporary workaround until the update is applied, consider restricting access to the `viewProd.inc.php` file or avoiding the use of the `productId` parameter in the affected endpoint.
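
To review exposure while the update is pending, the following Python script scans web access-log lines for `productId` values that are not plain integers. It is an added example, not CubeCart code and not part of the original advisory; the combined log format, the URL layout in the sample lines, and the rule that a legitimate `productId` is a short decimal integer are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate productId is a short decimal integer.
VALID_ID_RE = re.compile(r"[0-9]{1,10}")

def product_ids(target):
    """Return every productId value in the request target, fully URL-decoded."""
    values = []
    for name, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
        if name != "productId":
            continue
        # parse_qsl decodes once; keep decoding to expose double-encoded input.
        for _ in range(3):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        values.append(value)
    return values

def suspicious_requests(log_lines):
    """Return (line_number, value) for each productId that is not a plain integer."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parsable request line
        for value in product_ids(match.group(1)):
            if not VALID_ID_RE.fullmatch(value):
                hits.append((number, value))
    return hits

# Constructed sample lines (documentation IP range, hypothetical URL layout).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2009:10:00:01 +0000] "GET /index.php?_a=viewProd&productId=12 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Dec/2009:10:00:07 +0000] "GET /index.php?_a=viewProd&productId=12%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [01/Dec/2009:10:00:09 +0000] "GET /index.php?_a=viewProd&productId=12%2527 HTTP/1.1" 200 312',
    '192.0.2.10 - - [01/Dec/2009:10:00:15 +0000] "GET /index.php?_a=viewProd&productId=7&productId= HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: unexpected productId value {value!r}")
```

The same integer-only rule can be enforced at a reverse proxy or WAF as part of restricting access until version 4.3.7 or later is installed.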