Exoduks

**Name of the Vulnerable Software and Affected Versions** MidiCart PHP Shopping Cart (affected versions not specified) **Description** The issue allows remote attackers to obtain sensitive information via a direct request to API endpoints such as "search list.php", "item list.php", or "item show.php". These endpoints reveal the path in a PHP error message, potentially exposing sensitive data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MidiCart PHP Shopping Cart (affected versions not specified) **Description** The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to inject arbitrary web script or HTML. The injection can occur via the `searchstring` parameter to 'search list.php', or the `secondgroup` or `maingroup` parameters to 'item list.php'. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** MidiCart PHP Shopping Cart (affected versions not specified) **Description** The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters include the `searchstring` parameter to "search list.php", the `maingroup` or `secondgroup` parameters to "item list.php", and the `code no` parameter to "item show.php". **Recommendations** For MidiCart PHP Shopping Cart, consider restricting access to the "search list.php", "item list.php", and "item show.php" scripts until a fix is available. As a temporary workaround, avoid using the `searchstring`, `maingroup`, `secondgroup`, and `code no` parameters in their respective scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.