<<< Date Index >>>     <<< Thread Index >>>

Re: Full path disclosure and sql injection on CubeCart 2.0.1



In-Reply-To: <20041006144016.28823.qmail@xxxxxxxxxxxxxxxxxxxxx>

Solution

INSERT
  
if (!is_numeric($cat_id))
   unset($cat_id); 

BEFORE

include("header.inc.php");

IN

index.php