Test ID:	1.3.6.1.4.1.25623.1.0.100360
Category:	Web application abuses
Title:	CubeCart 'productId' SQL Injection Vulnerability
Summary:	CubeCart is prone to an SQL-injection vulnerability because it fails; to sufficiently sanitize user-supplied data before using it in an SQL query.
Description:	Summary: CubeCart is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Vulnerability Impact: Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Affected Software/OS: The issue affects CubeCart 4.3.6. Prior versions may also be affected. Solution: The vendor has released updates. Please see the references for details. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4060 BugTraq ID: 37065 http://www.securityfocus.com/bid/37065 http://osvdb.org/60306 http://secunia.com/advisories/37402 http://www.vupen.com/english/advisories/2009/3290 XForce ISS Database: cubecart-viewprod-sql-injection(54331) https://exchange.xforce.ibmcloud.com/vulnerabilities/54331
Copyright	Copyright (C) 2009 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.