CVE-2003-0585

Name of the Vulnerable Software and Affected Versions: Brooky eStore versions 1.0.1 through 1.0.2b

Description: The issue allows remote attackers to bypass authentication and execute arbitrary SQL code. This is achieved via the user or pass parameters.

Recommendations: For versions 1.0.1 through 1.0.2b, as a temporary workaround, consider restricting access to the login.asp page until a patch is available. Avoid using the user and pass parameters in the login process until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.