CVE-2009-4689

Name of the Vulnerable Software and Affected Versions PHP Shopping Cart Selling Website Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands via the cid parameter in the "index.php" file. This can be exploited by sending malicious input to the vulnerable parameter.

Recommendations For PHP Shopping Cart Selling Website Script, avoid using the cid parameter in the "index.php" file until the issue is resolved. As a temporary workaround, consider validating and sanitizing all user input to the cid parameter to prevent SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.