CVE-2006-2164

Name of the Vulnerable Software and Affected Versions Avactis Shopping Cart versions 0.1.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands, which can lead to full path disclosure from invalid SQL queries. This is achieved via the category id parameter in "store special offers.php" and "store.php", and the prod id parameter in "cart.php" and "product info.php".

Recommendations For Avactis Shopping Cart versions 0.1.2 and earlier, consider restricting access to the store special offers.php, store.php, cart.php, and product info.php files until a patch is available. As a temporary workaround, avoid using the category id and prod id parameters in the affected files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.