[原文]** DISPUTED ** Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote attackers to execute arbitrary SQL commands via the (1) cartid parameter to upstnt.php or (2) psku parameter to display.php. NOTE: the vendor disputes this report, saying that they are forced SQL errors. The original researcher is known to be unreliable.
FishCart has been reported to contain a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is supposedly due to the 'psku' variable in the display.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries. However, the vendor disputes this claim saying that it is nothing more than a forced SQL error, not a method for injection.
Despite the vendor not being able to reproduce the described vulnerability, they have released a patch to further enhance security precautions to prevent possible attacks.