PT-2005-3382 · Naxtor · Naxtor Shopping Cart

John Cobb · Published 2005-08-05 · Updated 2017-07-11 · CVE-2005-2477

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Naxtor Shopping Cart version 1.0

Description

The issue allows remote attackers to obtain sensitive information. This is possibly due to an SQL injection vulnerability: when a cat_id value containing a single quote is used, the resulting error message reveals the path.

Recommendations

For Naxtor Shopping Cart version 1.0, consider validating and sanitizing user input to prevent SQL injection attacks, and avoid displaying sensitive information in error messages. As a temporary workaround, restrict access to the shop_display_products.php file until a patch is available.


Related Identifiers

CVE-2005-2477

Affected Products

Naxtor Shopping Cart