[Original text] ** DISPUTED ** SQL injection vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to execute arbitrary SQL commands via the iCategory parameter. NOTE: the vendor has privately disputed this issue, saying that Quick.cart does not even use SQL and therefore cannot be vulnerable to SQL injection.
Quick.Cart has been reported to contain a flaw that may allow an attacker to manipulate SQL commands. The issue was reported to affect the iCategory variable of the index.php script. Subsequent research indicates that Quick.Cart does not use an SQL database of any kind; rather, it uses flat files to maintain database information. The reported vulnerability is incorrect.
The vulnerability reported is incorrect. No solution required.