CVE-2006-3187

Name of the Vulnerable Software and Affected Versions Sharky e-shop versions 3.05 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially resulting from SQL injection or a forced SQL error. This is achieved via the maingroup and secondgroup parameters to the "search prod list.asp" endpoint, and the maingroup parameter to the "meny2.asp" endpoint.

Recommendations For Sharky e-shop versions 3.05 and earlier, as a temporary workaround, consider restricting access to the "search prod list.asp" and "meny2.asp" endpoints until a patch is available. Avoid using the maingroup and secondgroup parameters in the affected endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.