CVE-2007-3933

SQL injection vulnerability in insertorder.cfm in QuickEStore 8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the CFTOKEN parameter, a different vector than CVE-2006-2053.

Date published : 2007-07-20

http://www.securityfocus.com/bid/24961

https://www.exploit-db.com/exploits/4193