Vulnerable File Vulnerable Field
category.php id_category
cart.php id_product
product.php id_product
Vulnerability classification
Sql Injection
Vulnerability details (and reproduction steps, if you want to
disclosure it).
just inject ' and you get sql eror
If vendor was notified or not.
Yes, already fixed in 3.7.0