PT-2005-2789 · Qualiteam · X-Cart
Censored
Published 2005-06-01 · Updated 2017-07-11 · CVE-2005-1822
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Qualiteam X-Cart version 4.0.8
Description
The issue allows remote attackers to execute arbitrary SQL commands. It can be triggered through several request parameters of different PHP files: cat or printable in 'home.php', productid or mode in 'product.php', id in 'error_message.php', section in 'help.php', mode in 'orders.php', mode in 'register.php', mode in 'search.php', and gcid or gcindex in 'giftcert.php'.
Recommendations
For Qualiteam X-Cart version 4.0.8, consider restricting access to the mentioned PHP files and parameters until a patch is available. As a temporary workaround, avoid using the parameters cat, printable, productid, mode, id, section, gcid, and gcindex in their respective files to minimize the risk of exploitation.
Exploit
Fix
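Until the affected scripts can be patched or access to them restricted as recommended above, a web server log check that watches exactly the files and parameters named in this advisory gives an operator early warning of probing. The following is an added example written for this page; it is not code from the advisory, from Qualiteam or from X-Cart. The file-to-parameter table comes from the advisory; the assumptions that cat, productid, id, gcid and gcindex carry integers and that the remaining parameters carry short keyword values, the Apache-style log format, and the sample log lines themselves are all constructed for the example.

```python
from __future__ import annotations

import re
from urllib.parse import parse_qs, urlsplit

# File -> parameters named in the advisory for X-Cart 4.0.8 (page-sourced).
WATCHED = {
    "home.php": {"cat", "printable"},
    "product.php": {"productid", "mode"},
    "error_message.php": {"id"},
    "help.php": {"section"},
    "orders.php": {"mode"},
    "register.php": {"mode"},
    "search.php": {"mode"},
    "giftcert.php": {"gcid", "gcindex"},
}

# Assumption (not an X-Cart fact): these parameters are numeric identifiers.
INTEGER_PARAMS = {"cat", "productid", "id", "gcid", "gcindex"}
INT_RE = re.compile(r"[0-9]{1,12}")
# Assumption: the other watched parameters are short keyword/slug values.
KEYWORD_RE = re.compile(r"[A-Za-z0-9_\-]{0,64}")

# Constructed Apache-style access-log lines (sample data, not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jun/2005:10:00:00 +0000] "GET /home.php?cat=12 HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2005:10:00:01 +0000] "GET /home.php?cat=12'%20-- HTTP/1.1" 200 512
10.0.0.7 - - [01/Jun/2005:10:00:02 +0000] "GET /product.php?productid=77&mode=x%27 HTTP/1.1" 200 1024
10.0.0.9 - - [01/Jun/2005:10:00:03 +0000] "GET /help.php?section=terms HTTP/1.1" 200 300
10.0.0.9 - - [01/Jun/2005:10:00:04 +0000] "GET /index.php?cat=1' HTTP/1.1" 200 300
"""

# Pulls the client IP and the request target out of a common/combined log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)


def check_request(target: str) -> list[tuple[str, str, str]]:
    """Return (script, parameter, decoded value) for every watched parameter
    whose value is not in the expected shape; [] for scripts not on the list."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    params = WATCHED.get(script)
    if not params:
        return []
    findings = []
    # parse_qs percent-decodes values, so "%27" is examined as a real quote.
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        if name not in params:
            continue
        for value in values:
            pattern = INT_RE if name in INTEGER_PARAMS else KEYWORD_RE
            if pattern.fullmatch(value) is None:
                findings.append((script, name, value))
    return findings


def scan_log(text: str) -> list[dict]:
    """Run check_request over each parseable log line and collect the hits."""
    hits = []
    for line in text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        for script, name, value in check_request(m.group("target")):
            hits.append(
                {"ip": m.group("ip"), "script": script, "param": name, "value": value}
            )
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f"{hit['ip']} -> {hit['script']} {hit['param']}={hit['value']!r}")
```

Requests to scripts outside the advisory's list are ignored, so the check stays narrow and cheap to run over a full day's log; the last sample line shows that. Loosen INTEGER_PARAMS or KEYWORD_RE if the deployment legitimately passes other value shapes to these parameters, otherwise the rule will produce false positives on normal traffic.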
Related Identifiers
Affected Products
X-Cart