Unrated severityNVD Advisory· Published May 24, 2007· Updated Apr 23, 2026

CVE-2007-2862

Description

Multiple SQL injection vulnerabilities in CubeCart 3.0.16 might allow remote attackers to execute arbitrary SQL commands via an unspecified parameter to cart.inc.php and certain other files in an include directory, related to missing sanitization of the $option variable and possibly cookie modification.

Affected products

Devellion/Cubecart
cpe:2.3:a:devellion:cubecart:3.0.16:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

osvdb.org/38100nvd
securityreason.com/securityalert/2730nvd
www.securityfocus.com/archive/1/469301/100/0/threadednvd
www.securityfocus.com/bid/24100nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34460nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000