CVE-2002-2168

Name of the Vulnerable Software and Affected Versions: 123tkShop versions prior to 0.3.1

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL queries. This is possible via various programs, including the function describe item1.inc.php file.

Recommendations: For versions prior to 0.3.1, update to version 0.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the function describe item1.inc.php file until the update is applied.