What is the severity of CVE-2009-4060?

CVE-2009-4060 is classified as a high-severity vulnerability due to the potential for remote SQL injection.

How do I fix CVE-2009-4060?

To fix CVE-2009-4060, update your CubeCart installation to version 4.3.7 or later.

What versions of CubeCart are affected by CVE-2009-4060?

CVE-2009-4060 affects CubeCart versions prior to 4.3.7, including versions 3.x and 4.x.

What types of attacks can be executed due to CVE-2009-4060?

CVE-2009-4060 allows attackers to execute arbitrary SQL commands, potentially compromising the database.

Is CVE-2009-4060 being actively exploited?

While CVE-2009-4060 was discovered in 2009, vulnerabilities of this nature can still be exploited if systems remain unpatched.

Vulnerability/
CVE-2009-4060

high

7.5

CWE

24/11/2009

7/8/2024

CVE-2009-4060: SQL Injection

First published: Tue Nov 24 2009(Updated: )

SQL injection vulnerability in includes/content/viewProd.inc.php in CubeCart before 4.3.7 remote attackers to execute arbitrary SQL commands via the productId parameter.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
Cubecart Cubecart	=4.0.1
Cubecart Cubecart	=4.0.0-beta_2
Cubecart Cubecart	=3.0.9
Cubecart Cubecart	=3.0.8
Cubecart Cubecart	=3.0.18
Cubecart Cubecart	=3.0.5
Cubecart Cubecart	=4.3.4
Cubecart Cubecart	=4.0.0
Cubecart Cubecart	=3.0.14
Cubecart Cubecart	=3.0.13
Cubecart Cubecart	=4.1.1
Cubecart Cubecart	=4.0.3
Cubecart Cubecart	=3.0.16
Cubecart Cubecart	=3.0.7
Cubecart Cubecart	=3.0.19
Cubecart Cubecart	=4.3.5
Cubecart Cubecart	=4.3.2
Cubecart Cubecart	=3.0.20
Cubecart Cubecart	<=4.3.6
Cubecart Cubecart	=4.3.1
Cubecart Cubecart	=4.2.1
Cubecart Cubecart	=3.0.0
Cubecart Cubecart	=3.0.3
Cubecart Cubecart	=4.1.0
Cubecart Cubecart	=3.0.10
Cubecart Cubecart	=4.1.0-rc_1
Cubecart Cubecart	=3.0.11
Cubecart Cubecart	=3.0.2
Cubecart Cubecart	=3.0.12
Cubecart Cubecart	=4.2.2
Cubecart Cubecart	=4.0.0-beta_3
Cubecart Cubecart	=4.0.0-rc_1
Cubecart Cubecart	=4.2.0
Cubecart Cubecart	=4.0.2
Cubecart Cubecart	=4.1.0-rc_2
Cubecart Cubecart	=3.0.17
Cubecart Cubecart	=4.2.3
Cubecart Cubecart	=3.0.15
Cubecart Cubecart	=3.0.6
Cubecart Cubecart	=3.0.4
Cubecart Cubecart	=4.3.0
Cubecart Cubecart	=3.0.1
Cubecart Cubecart	=4.3.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4060?
CVE-2009-4060 is classified as a high-severity vulnerability due to the potential for remote SQL injection.
How do I fix CVE-2009-4060?
To fix CVE-2009-4060, update your CubeCart installation to version 4.3.7 or later.
What versions of CubeCart are affected by CVE-2009-4060?
CVE-2009-4060 affects CubeCart versions prior to 4.3.7, including versions 3.x and 4.x.
What types of attacks can be executed due to CVE-2009-4060?
CVE-2009-4060 allows attackers to execute arbitrary SQL commands, potentially compromising the database.
Is CVE-2009-4060 being actively exploited?
While CVE-2009-4060 was discovered in 2009, vulnerabilities of this nature can still be exploited if systems remain unpatched.

collector/nvd-historical
collector/nvd-index
agent/type
agent/references
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/description
agent/first-publish-date
agent/author
agent/tags
agent/event
agent/source
vendor/cubecart
canonical/cubecart cubecart
version/cubecart cubecart/4.0.1
version/cubecart cubecart/4.0.0-beta_2
version/cubecart cubecart/3.0.9
version/cubecart cubecart/3.0.8
version/cubecart cubecart/3.0.18
version/cubecart cubecart/3.0.5
version/cubecart cubecart/4.3.4
version/cubecart cubecart/4.0.0
version/cubecart cubecart/3.0.14
version/cubecart cubecart/3.0.13
version/cubecart cubecart/4.1.1
version/cubecart cubecart/4.0.3
version/cubecart cubecart/3.0.16
version/cubecart cubecart/3.0.7
version/cubecart cubecart/3.0.19
version/cubecart cubecart/4.3.5
version/cubecart cubecart/4.3.2
version/cubecart cubecart/3.0.20
version/cubecart cubecart/4.3.6
version/cubecart cubecart/4.3.1
version/cubecart cubecart/4.2.1
version/cubecart cubecart/3.0.0
version/cubecart cubecart/3.0.3
version/cubecart cubecart/4.1.0
version/cubecart cubecart/3.0.10
version/cubecart cubecart/4.1.0-rc_1
version/cubecart cubecart/3.0.11
version/cubecart cubecart/3.0.2
version/cubecart cubecart/3.0.12
version/cubecart cubecart/4.2.2
version/cubecart cubecart/4.0.0-beta_3
version/cubecart cubecart/4.0.0-rc_1
version/cubecart cubecart/4.2.0
version/cubecart cubecart/4.0.2
version/cubecart cubecart/4.1.0-rc_2
version/cubecart cubecart/3.0.17
version/cubecart cubecart/4.2.3
version/cubecart cubecart/3.0.15
version/cubecart cubecart/3.0.6
version/cubecart cubecart/3.0.4
version/cubecart cubecart/4.3.0
version/cubecart cubecart/3.0.1
version/cubecart cubecart/4.3.3

Frequently Asked Questions

What is the severity of CVE-2009-4060?
CVE-2009-4060 is classified as a high-severity vulnerability due to the potential for remote SQL injection.
How do I fix CVE-2009-4060?
To fix CVE-2009-4060, update your CubeCart installation to version 4.3.7 or later.
What versions of CubeCart are affected by CVE-2009-4060?
CVE-2009-4060 affects CubeCart versions prior to 4.3.7, including versions 3.x and 4.x.
What types of attacks can be executed due to CVE-2009-4060?
CVE-2009-4060 allows attackers to execute arbitrary SQL commands, potentially compromising the database.
Is CVE-2009-4060 being actively exploited?
While CVE-2009-4060 was discovered in 2009, vulnerabilities of this nature can still be exploited if systems remain unpatched.

CVE-2009-4060: SQL Injection

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2009-4060?

How do I fix CVE-2009-4060?

What versions of CubeCart are affected by CVE-2009-4060?

What types of attacks can be executed due to CVE-2009-4060?

Is CVE-2009-4060 being actively exploited?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-4060?

How do I fix CVE-2009-4060?

What versions of CubeCart are affected by CVE-2009-4060?

What types of attacks can be executed due to CVE-2009-4060?

Is CVE-2009-4060 being actively exploited?