Phpshop · Phpshop · CVE-2008-0681
**Name of the Vulnerable Software and Affected Versions**
PHPShop version 0.8.1
**Description**
The issue is a SQL injection that allows remote attackers to execute arbitrary SQL commands via the `product_id` parameter of the "index.php" file when it is requested with a "shop/flypage" action.
**Recommendations**
For PHPShop version 0.8.1, consider restricting access to the `product_id` parameter of the affected endpoint until the issue is resolved. As a temporary workaround, avoid using the `product_id` parameter of the "index.php" file with a "shop/flypage" action until a patch is available.
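
One way to apply the restriction above at a filtering layer, or to review access logs for requests that violate it, is an allow-list check on the parameter. This is an added example, not PHPShop code or part of the original advisory. It assumes the action arrives in a query parameter named `page` and that product ids are positive decimal integers; `check_request`, `flagged` and the sample request targets are hypothetical and constructed for illustration.

```python
"""Allow-list check for index.php shop/flypage requests (added example)."""
import re
from urllib.parse import urlsplit, parse_qsl

ACTION_PARAM = "page"              # assumption: query parameter carrying the action
AFFECTED_ACTION = "shop/flypage"   # action named in the advisory
ID_PARAM = "product_id"            # parameter named in the advisory
VALID_ID = re.compile(r"[1-9][0-9]{0,9}")  # assumption: ids are positive integers


def check_request(target: str) -> tuple[bool, str]:
    """Return (allowed, reason) for one request target or full URL."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in ("", "index.php"):  # "" = directory index (assumption)
        return True, "not index.php"
    # parse_qsl percent-decodes values and keeps repeated keys and blanks.
    params = parse_qsl(parts.query, keep_blank_values=True)
    actions = [v.strip().strip("/").lower() for k, v in params if k == ACTION_PARAM]
    if AFFECTED_ACTION not in actions:
        return True, "not the affected action"
    # Match product_id and the array forms product_id[] / product_id[key].
    ids = [(k, v) for k, v in params if k.split("[", 1)[0] == ID_PARAM]
    if not ids:
        return True, "no product_id supplied"
    if len(ids) > 1 or ids[0][0] != ID_PARAM:
        return False, "product_id repeated or array-valued"
    if not VALID_ID.fullmatch(ids[0][1]):
        return False, "product_id is not a positive integer"
    return True, "product_id is a positive integer"


def flagged(targets):
    """Return the request targets that the check would reject."""
    return [t for t in targets if not check_request(t)[0]]


SAMPLES = [  # constructed request targets, not real traffic
    "/index.php?page=shop/flypage&product_id=42",
    "/index.php?page=shop/flypage&product_id=42%27",
    "/index.php?page=shop%2Fflypage&product_id=42%20OR%201%3D1",
    "/index.php?page=shop/flypage&product_id=1&product_id=2",
    "/index.php?page=shop/browse&category_id=3",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request(sample), sample)
```

The check only covers the query string; a deployment that accepts `product_id` in a POST body would need the same rule applied there.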