A vulnerability described as critical has been identified in CubeCart up to 6.6.x . This issue affects the function sqlSafe of the file admin.php?_g=orders&node=transactions of the component Admin Password Handler . The manipulation of the argument sort results in sql injection. This vulnerability is cataloged as CVE-2026-45054 . The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.