PT-2004-1454 · Unknown · Online Store Kit

Published

2004-03-18

·

Updated

2017-07-11

·

CVE-2004-0300

CVSS v2.0

10

High

Vector AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Online Store Kit version 3.0
Description: Multiple SQL injection vulnerabilities in Online Store Kit 3.0 allow remote attackers to inject arbitrary SQL and gain unauthorized access. The injection points are the cat parameter in shop.php, the id parameter in more.php, the cat_manufacturer parameter in shop_by_brand.php, and the id parameter in listing.php; in each case the untrusted query-string value reaches a database query without validation or escaping. The CVSS vector reflects that no authentication is required (Au:N) and the scripts are reachable over the network (AV:N).
Recommendations: For Online Store Kit version 3.0, restrict access to the affected scripts (shop.php, more.php, shop_by_brand.php, listing.php), or to the cat, id and cat_manufacturer parameters in them, until a patch is available. As a temporary workaround, validate these parameters server-side (where they are numeric record identifiers, accept only integer values and reject everything else) and pass them to the database through parameterized queries or, at minimum, proper escaping rather than string concatenation.
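The following is an added illustration, not code from Online Store Kit or from the advisory: a Python/SQLite stand-in for the PHP shop script showing the failure mode the description names (the cat parameter concatenated into a query) next to the hardened form the recommendation calls for (integer whitelist plus bound parameter). The table and column names, the sample rows and the placeholder password hash are all constructed for this example.

```python
import re
import sqlite3

# Constructed in-memory schema standing in for a shop database. The table and
# column names are assumptions for this illustration, not Online Store Kit's
# actual schema; the password hash is a placeholder string, not a real credential.
SCHEMA = """
CREATE TABLE products (id INTEGER PRIMARY KEY, cat_id INTEGER, name TEXT, price REAL);
INSERT INTO products VALUES (10, 1, 'Novel', 9.99), (11, 2, 'Internal SKU', 0.0);
CREATE TABLE admins (username TEXT, password_hash TEXT);
INSERT INTO admins VALUES ('admin', 'placeholder-hash');
"""


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def list_products_vulnerable(conn, cat):
    """shop.php?cat=<value> as the advisory describes it: the raw query-string
    value is concatenated into the SQL, so the attacker controls the statement."""
    sql = "SELECT id, name, price FROM products WHERE cat_id = " + cat
    return conn.execute(sql).fetchall()


def parse_id(value):
    """Whitelist check for identifier parameters such as cat, id and
    cat_manufacturer: accept only ASCII decimal digits, reject everything else."""
    if re.fullmatch(r"[0-9]{1,10}", value):
        return int(value)
    return None


def list_products_fixed(conn, cat):
    """Hardened version: validate the parameter as an integer, then bind it with a
    placeholder so the driver never interprets the value as SQL text."""
    cat_id = parse_id(cat)
    if cat_id is None:
        raise ValueError("cat must be a decimal integer")
    return conn.execute(
        "SELECT id, name, price FROM products WHERE cat_id = ?", (cat_id,)
    ).fetchall()


# Constructed attack value: a UNION appended to the cat parameter pulls rows
# from an unrelated table into the product listing (column count must match).
INJECTION = "1 UNION ALL SELECT 0, username, password_hash FROM admins"

if __name__ == "__main__":
    db = make_db()
    print("benign  :", list_products_vulnerable(db, "1"))
    print("injected:", list_products_vulnerable(db, INJECTION))
    print("fixed   :", list_products_fixed(db, "1"))
    try:
        list_products_fixed(db, INJECTION)
    except ValueError as err:
        print("fixed rejects injection:", err)
```

The integer whitelist is what makes the temporary workaround effective: a value that is not a plain number is rejected before any query is built, and the bound placeholder means that even a value which slipped past validation would be compared as data, not executed as SQL.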


Related Identifiers

CVE-2004-0300

Affected Products

Online Store Kit