TomatoCart version 1.x (latest-stable) suffers from cross site scripting and remote SQL injection vulnerabilities.
cd380b42173cb9381f2c2e040433d1adfe568239973fe9274ff5f404846bf040
ZeusCart version 4.x suffers from a remote SQL injection vulnerability.
14392edcd2386fc3bfa622c4621025b3d4cac45565be688d86e2d5c417ae827b