CVE-2005-2623

Name of the Vulnerable Software and Affected Versions ECW-Shop version 6.0.2

Description The issue allows remote attackers to manipulate the total cost of their shopping cart. By specifying a negative quantity for an item, the price of the item is subtracted from the total cost, potentially reducing the total cost of the cart.

Recommendations For ECW-Shop version 6.0.2, consider implementing validation to prevent negative quantities from being specified in the shopping cart, or restrict the ability to modify quantities in a way that could lead to a negative total cost.