CVE-2021-47909

Publication date

2026-02-01 12:15:47

Family

VulnCheck

State

PUBLISHED

Description

Mult-E-Cart Ultimate 2.4 contains multiple SQL injection vulnerabilities in inventory, customer, vendor, and order modules. Remote attackers with privileged vendor or admin roles can exploit the id parameter to execute malicious SQL commands and compromise the database management system.