Multiple SQL injection vulnerabilities in MultiCart 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to categorydetail.php and the (2) ddlCategory parameter to search.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/36927
https://www.exploit-db.com/exploits/4480
http://www.securityfocus.com/bid/25895