PT-2005-3188 · Usanet Creations · Makebid Reverse Auction +3

Published: 2005-07-13 · Updated: 2008-09-05 · CVE-2005-2259

CVSS v2.0: 10 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions:
USANet Shopping Mall Software (affected versions not specified)
Domain Name Auction Software (affected versions not specified)
Standard Classified Ads Software (affected versions not specified)
MakeBid Reverse Auction (affected versions not specified)

Description: The issue allows remote attackers to execute arbitrary code via shell metacharacters in the DISPCLOSED parameter, specifically in the dispallclosed2 function. This function is part of the dispallclosed.pl script used in multiple USANet Creations products.

Recommendations:
For USANet Shopping Mall Software, restrict access to the dispallclosed2 function until a patch is available.
For Domain Name Auction Software, avoid using the DISPCLOSED parameter in the affected API endpoint until the issue is resolved.
For Standard Classified Ads Software, consider disabling the dispallclosed2 function as a temporary workaround.
For MakeBid Reverse Auction, restrict the use of shell metacharacters in the DISPCLOSED parameter to minimize the risk of exploitation.

Related Identifiers

CVE-2005-2259

Affected Products

Domain Name Auction
Makebid Reverse Auction
Standard Classified Ads
Usanet Shopping Mall