CVE-2005-0292

Name of the Vulnerable Software and Affected Versions PHP Gift Registry versions 1.4.0 through 1.5.0b1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting SQL injection vulnerabilities in the index.php file via the messageid, shopper, shopfor, or itemid parameters.

Recommendations For PHP Gift Registry versions 1.4.0 through 1.5.0b1, update to version 1.5.0b1 or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php file or validating and sanitizing the messageid, shopper, shopfor, and itemid parameters to prevent SQL injection attacks.