SQL Injection Vulnerability in TomatoCart 1.1.8.6.1: Remote Code Execution via Address Book Contact Fields

CVE-2014-3978 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
