Re: Full path disclosure and sql injection on CubeCart 2.0.1

sculptexsculptex.co.uk
Date: Thu Oct 21 2004 - 17:59:10 CDT


In-Reply-To: <20041006144016.28823.qmailwww.securityfocus.com>

Solution

INSERT
  
if (!is_numeric($cat_id))
   unset($cat_id);

BEFORE

include("header.inc.php");

IN

index.php
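
An added example, not part of the original post or of CubeCart's code: is_numeric() also returns true for signed, decimal and exponent strings, so where the parameter is meant to be an integer ID a stricter check narrows what gets through. The helper name clean_cat_id and the assumption that cat_id is a positive integer category ID are hypothetical, and the sample inputs are constructed.

```php
<?php
// Added example, not CubeCart code.
// Assumption: cat_id is a positive integer category ID.

/**
 * Return the category id as an int, or null when the raw value is not
 * a plain run of decimal digits. (Hypothetical helper name.)
 */
function clean_cat_id($raw)
{
    // ctype_digit() is only reliable on strings, so arrays (?cat_id[]=1)
    // and every other type are rejected before it is called.
    if (!is_string($raw) || $raw === '' || !ctype_digit($raw)) {
        return null;
    }
    // Bound the length so the cast cannot overflow a 32-bit int.
    if (strlen($raw) > 9) {
        return null;
    }
    $id = (int) $raw;
    return $id > 0 ? $id : null;
}

// Constructed sample inputs: compare is_numeric() with the strict check.
$samples = array('12', '0', '-3', '1.5', '1e5', ' 7', '12abc', '', array('1'));
foreach ($samples as $raw) {
    $label   = is_array($raw) ? 'array' : "'" . $raw . "'";
    $numeric = is_numeric($raw) ? 'yes' : 'no';
    $clean   = clean_cat_id($raw);
    printf("%-8s is_numeric=%-3s strict=%s\n", $label, $numeric,
           $clean === null ? 'rejected' : $clean);
}
```

Because the helper returns an int or null, the value that reaches later code is never the raw request string.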