Re: Full path disclosure and sql injection on CubeCart 2.0.1

From: <sculptex_at_sculptex.co.uk>
Date: 21 Oct 2004 22:59:10 -0000

('binary' encoding is not supported, stored as-is) In-Reply-To: <20041006144016.28823.qmail_at_www.securityfocus.com>

Solution

INSERT
  
if (!is_numeric($cat_id))
   unset($cat_id);

BEFORE

include("header.inc.php");

IN

index.php

Received on Oct 23 2004