After being notified of an issue with the online shopping cart, where customers are able to arbitrarily change the
price of listed items, a programmer analyzes the following piece of code used by a web based shopping cart.
SELECT ITEM FROM CART WHERE ITEM=ADDSLASHES($USERINPUT); The programmer found that every
time a user adds an item to the cart, a temporary file is created on the web server /tmp directory. The
temporary file has a name which is generated by concatenating the content of the $USERINPUT variable and atimestamp in the form of MM- DD-YYYY, (e.g. smartphone-12-25-2013.tmp) containing the price of the item
being purchased. Which of the following is MOST likely being exploited to manipulate the price of a shopping
cart’s items?

A.
Input validation

B.
SQL injection

C.
TOCTOU

D.
Session hijacking