CVE-2008-3594

Name of the Vulnerable Software and Affected Versions MagicScripts E-Store Kit-1 (affected versions not specified) MagicScripts E-Store Kit-2 (affected versions not specified) MagicScripts E-Store Kit-1 Pro PayPal Edition (affected versions not specified) MagicScripts E-Store Kit-2 PayPal Edition (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the pid parameter in the viewdetails.php file.

Recommendations For MagicScripts E-Store Kit-1, consider restricting access to the viewdetails.php file until a fix is available. For MagicScripts E-Store Kit-2, avoid using the pid parameter in the viewdetails.php file until the issue is resolved. For MagicScripts E-Store Kit-1 Pro PayPal Edition, restrict the use of the viewdetails.php file to minimize the risk of exploitation. For MagicScripts E-Store Kit-2 PayPal Edition, as a temporary workaround, consider disabling the viewdetails.php file until a patch is available.