An interesting SQL injection vulnerability was discovered in CubeCart v3.0.16. This vulnerability cannot easily be exploited by traditional means - in fact, the actual vulnerable variable was not discovered.

As a piece of user input is passed to CubeCart, it is sanitized through a routine mySQLSafe...

[ more ]