Icaro

**Name of the Vulnerable Software and Affected Versions** CodeThat ShoppingCart version 1.3.1 **Description** A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This is achieved via the `id` parameter in the catalog.php file. **Recommendations** For CodeThat ShoppingCart version 1.3.1, avoid using the `id` parameter in the catalog.php file until a fix is available. As a temporary workaround, consider validating and sanitizing user input for the `id` parameter to prevent malicious script injection.

**Name of the Vulnerable Software and Affected Versions** CodeThat ShoppingCart version 1.3.1 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the catalog.php file. **Recommendations** For version 1.3.1, avoid using the `id` parameter in the catalog.php file until the issue is resolved. Consider restricting access to the catalog.php file to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** CodeThat ShoppingCart version 1.3.1 **Description** The issue allows remote attackers to obtain sensitive information via a direct request, as the config.ini file is stored under the web root. **Recommendations** For CodeThat ShoppingCart version 1.3.1, consider moving the config.ini file outside of the web root directory to prevent unauthorized access.