VYPR
Unrated severityNVD Advisory· Published Feb 26, 2009· Updated Jun 16, 2026

CVE-2008-6304

CVE-2008-6304

Description

SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected products

3
  • cpe:2.3:a:xt-commerce:xt-commerce:*:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:a:xt-commerce:xt-commerce:*:*:*:*:*:*:*:*range: <3.0.4
    • cpe:2.3:a:xt-commerce:xt-commerce:3.0.4:-:*:*:*:*:*:*
    • (no CPE)range: <3.0.4 Sp2.1

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.