CVE-2006-4526

SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the searchArray[] parameter.

Date published : 2006-09-01

http://www.securityfocus.com/bid/19782

http://cubecart.com/site/forums/index.php?showtopic=21540