Joomla · Joomla! Simple Shop Galore · CVE-2008-2568
**Name of the Vulnerable Software and Affected Versions**
Joomla! Simple Shop Galore (com simpleshop) versions 3.4 and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `catid` parameter in a browse action to "index.php".
**Recommendations**
For versions 3.4 and earlier, consider restricting access to the `catid` parameter in the affected API endpoint until a patch is available. Avoid using the `catid` parameter in a browse action to "index.php" until the issue is resolved.