CVE-2008-5569

Name of the Vulnerable Software and Affected Versions PHPepperShop version 1.4

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially leading to cross-site scripting (XSS) attacks. This can be achieved by manipulating the PATH INFO to specific PHP files, including "index.php", "shop/kontakt.php", "shop kunden mgmt.php", and "SHOP KONFIGURATION.php" in the "shop/Admin/" directory.

Recommendations For PHPepperShop version 1.4, consider restricting access to the mentioned PHP files until a patch is available. As a temporary workaround, avoid using the PATH INFO to inject arbitrary web script or HTML in the affected files, such as "index.php", "shop/kontakt.php", "shop kunden mgmt.php", and "SHOP KONFIGURATION.php".