CVE-2006-6109

Name of the Vulnerable Software and Affected Versions CandyPress Store version 3.5.2.14

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the policy parameter in "openPolicy.asp" or the brand parameter in "prodList.asp".

Recommendations For CandyPress Store version 3.5.2.14, consider restricting access to the vulnerable API endpoints "openPolicy.asp" and "prodList.asp" to minimize the risk of exploitation. Avoid using the policy and brand parameters in these endpoints until the issue is resolved.