CVE-2005-2621

Name of the Vulnerable Software and Affected Versions ECW-Shop version 6.0.2

Description The issue allows remote attackers to obtain sensitive information via the min or max parameter with a single quote, which reveals the path in an error message, possibly due to a SQL injection vulnerability.

Recommendations For ECW-Shop version 6.0.2, consider restricting access to the index.php file until a patch is available, and avoid using the min and max parameters with unvalidated input to minimize the risk of exploitation.