CVE-2008-3768

Name of the Vulnerable Software and Affected Versions Turnkey Web Tools SunShop Shopping Cart versions prior to 4.1.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in an edit registry action to "index.php", a vector involving the check email function, and other vectors.

Recommendations For versions prior to 4.1.5, update to version 4.1.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the class.ajax.php file and limiting the use of the check email function until a patch is applied. Avoid using the id parameter in the edit registry action to "index.php" until the issue is resolved.