Sm0K3

**Name of the Vulnerable Software and Affected Versions** IXXO Cart Standalone versions prior to 3.9.6.1 IXXO Cart component for Joomla! version 1.0.x **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `parent` parameter. **Recommendations** For IXXO Cart Standalone versions prior to 3.9.6.1, update to version 3.9.6.1 or later. For the IXXO Cart component for Joomla! version 1.0.x, consider disabling the vulnerable component until a patch is available. Avoid using the `parent` parameter in affected API endpoints until the issue is resolved.