CVE-2007-2862

Name of the Vulnerable Software and Affected Versions CubeCart version 3.0.16

Description The issue is related to multiple SQL injection vulnerabilities. These vulnerabilities might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory. The problem is related to missing sanitization of the $option variable and possibly cookie modification.

Recommendations For CubeCart version 3.0.16, consider sanitizing the $option variable to prevent SQL injection attacks. As a temporary workaround, restrict access to the cart.inc.php file and other affected files in the include directory to minimize the risk of exploitation.