CVE-2006-5923

Name of the Vulnerable Software and Affected Versions GimeScripts Shopping Catalog versions 0.9.1 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the custom parameter. This can be achieved by manipulating the URL to include malicious PHP code, which can then be executed by the server.

Recommendations For GimeScripts Shopping Catalog versions 0.9.1 and earlier, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the custom parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.