N0C0Py

Name of the Vulnerable Software and Affected Versions: AShop Deluxe versions 4.x Description: The issue allows remote attackers to execute arbitrary SQL commands via the `cat` parameter in the catalogue.php file. This can be exploited by sending malicious input to the vulnerable API endpoint. Recommendations: For AShop Deluxe versions 4.x, avoid using the `cat` parameter in the catalogue.php file until a patch is available. As a temporary workaround, consider restricting access to the catalogue.php file to minimize the risk of exploitation.