CVE-2005-1503

Name of the Vulnerable Software and Affected Versions MidiCart PHP Shopping Cart (affected versions not specified)

Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters include the searchstring parameter to "search list.php", the maingroup or secondgroup parameters to "item list.php", and the code no parameter to "item show.php".

Recommendations For MidiCart PHP Shopping Cart, consider restricting access to the "search list.php", "item list.php", and "item show.php" scripts until a fix is available. As a temporary workaround, avoid using the searchstring, maingroup, secondgroup, and code no parameters in their respective scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.