CVE-2006-4236

Name of the Vulnerable Software and Affected Versions POWERGAP (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the shopid parameter to various PHP files, including s01.php, s02.php, s03.php, and s04.php. It may also be possible to exploit this issue via a URL located after "shopid=" or "sid=" in the PATH INFO.

Recommendations As a temporary workaround, consider restricting access to the s01.php, s02.php, s03.php, and s04.php files until a patch is available. Avoid using the shopid parameter in the affected API endpoints until the issue is resolved. Restrict access to URLs containing "shopid=" or "sid=" in the PATH INFO to minimize the risk of exploitation.