CVE-2008-6760

Name of the Vulnerable Software and Affected Versions: ViArt Shop (aka Shopping Cart) version 3.5

Description: The issue allows remote attackers to obtain sensitive information via an unauthenticated add and save action for a shopping cart in the cart save.php file. This occurs because the code mishandles the lack of a user id parameter, resulting in an error message that reveals the SQL table names.

Recommendations: For version 3.5, consider modifying the cart save.php file to properly handle the absence of the user id parameter, preventing the disclosure of SQL table names in error messages. As a temporary workaround, restrict access to the cart save.php file to minimize the risk of exploitation.