CVE-2007-4121

Name of the Vulnerable Software and Affected Versions E-Commerce Scripts Shopping Cart Script (affected versions not specified) Multi-Vendor E-Shop Script (affected versions not specified) Auction Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the EmailAdd (Username) and Pass (password) parameters in the "admin.aspx" page.

Recommendations For E-Commerce Scripts Shopping Cart Script, restrict access to the admin.aspx page until a fix is available. For Multi-Vendor E-Shop Script, avoid using the EmailAdd and Pass parameters in the affected page until the issue is resolved. For Auction Script, consider disabling the admin.aspx page as a temporary workaround until a patch is available.