CVE-2006-2038

Name of the Vulnerable Software and Affected Versions ampleShop versions 2.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the RecordID parameter in "Customeraddresses RecordAction.cfm" and "youraccount.cfm", the solus parameter in "detail.cfm", and the cat parameter in "category.cfm".

Recommendations For ampleShop versions 2.1 and earlier, consider restricting access to the vulnerable parameters RecordID, solus, and cat in the respective API endpoints until a patch is available. As a temporary workaround, avoid using these parameters in the affected files "Customeraddresses RecordAction.cfm", "youraccount.cfm", "detail.cfm", and "category.cfm" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.