CVE-2009-4060

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
24/11/2009
Last modified:
09/04/2025

Description

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:cubecart:cubecart:*:*:*:*:*:*:*:* 4.3.6 (including)
cpe:2.3:a:cubecart:cubecart:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.8:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.9:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.10:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.11:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.12:*:*:*:*:*:*:*
cpe:2.3:a:cubecart:cubecart:3.0.13:*:*:*:*:*:*:*