I had a recent compliance fail because of an Integer based SQL injection vulnerability in REST-style parameter. The failed url is /checkout/cart/add/uenc/aHR0cHM6L.......D1V/product. All of the security patches with the exception of patch 7405 have been installed. The site is currently running magento 1.8.1. How can I fix this?
Here is a quick/dirty explanation of the issue along with a quick/dirty (but valid) fix