https://www.exploit-db.com/exploits/25774
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-017

QualiteamX-Cart4.0.8版本中存在多个SQL注入漏洞，远程攻击者可通过：(1)提交到home.php的cat参数或(2)printable参数，(3)到product.php的productid参数或(4)mode参数，(5)注入到error_message.php的id参数，(6)到help.php的section参数，(7)到orders.php的mode参数，(8)到register.php的mode参数，(9)到search.php的mode参数，或(10)到giftcert.php的gcid参数或(11)gcindex参数，执行任意SQL指令。

source: http://www.securityfocus.com/bid/13817/info
               
X-Cart is prone to SQL injection and cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
               
These vulnerabilities could permit remote attackers to pass malicious input to database queries, resulting in modification of query logic or other attacks. Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. An attacker may also steal cookie-based authentication credentials and carry out other attacks.
               
X-Cart 4.0.8 is reportedly vulnerable. Other versions may be affected as well.

http://www.example.com/giftcert.php?gcid='[SQL-inj]
http://www.example.com/giftcert.php?gcindex='[SQL-inj]

来源:XF
名称:xcart-multiple-parameters-sql-injection(20773)
链接:http://xforce.iss.net/xforce/xfdb/20773
来源:BID
名称:13817
链接:http://www.securityfocus.com/bid/13817
来源:SECTRACK
名称:1014077
链接:http://securitytracker.com/id?1014077
来源:SECUNIA
名称:15555
链接:http://secunia.com/advisories/15555
来源:BUGTRAQ
名称:20050530Multiplevulnerabilitiesinx-cartGold
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111748583101076&w;=2