cpCommerce 'document.php' SQL Injection Vulnerability

cpCommerce 'document.php' SQL Injection Vulnerability

Solution:
UPDATE (April 21, 2009): The vendor refutes this issue, stating that the vulnerability described does not affect cpCommerce 1.2.8. However, versions prior to 1.2.7 are affected.

Contact the vendor for more information.

cpCommerce cpCommerce 0.5 f

cpCommerce cpCommerce 1.2.8
http://cpcommerce.cpradio.org/downloads.php?action=download

cpCommerce cpCommerce 1.1

cpCommerce cpCommerce 1.2.8
http://cpcommerce.cpradio.org/downloads.php?action=download

cpCommerce cpCommerce 1.2.3

cpCommerce cpCommerce 1.2.8
http://cpcommerce.cpradio.org/downloads.php?action=download

cpCommerce cpCommerce 1.2.4

cpCommerce cpCommerce 1.2.8
http://cpcommerce.cpradio.org/downloads.php?action=download

cpCommerce cpCommerce 1.2.6

cpCommerce cpCommerce 1.2.8
http://cpcommerce.cpradio.org/downloads.php?action=download