Date published: 2014-10-20T12:55:07.697-04:00
Date last modified: 2014-10-24T08:53:33.937-04:00
CVSS Score: 6.5
Principal attack vector: NETWORK
Reference URL: http://packetstormsecurity.com/files/127785/TomatoCart-1.x-Cross-Site-Scripting-SQL-Injection.html
Summary: SQL injection vulnerability in TomatoCart 126.96.36.199.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.