PT-2005-4931 · Quickpaypro · Quickpaypro
Published 2005-12-15 · Updated 2011-03-08 · CVE-2005-4243
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
QuickPayPro version 3.1
Description
The vulnerability allows remote attackers to execute arbitrary SQL commands via SQL injection in several request parameters: the popupid parameter in "popups.edit.php"; the so, sb, and nr parameters in "customer.tickets.view.php"; the subrackingid parameter in "subscribers.tracking.edit.php"; the delete parameter in "design.php"; the trackingid parameter in "tracking.details.php"; and the customerid parameter in "sales.view.php".
Recommendations
For QuickPayPro version 3.1, consider restricting access to the affected parameters (popupid, so, sb, nr, subrackingid, delete, trackingid, and customerid) until a patch is available. As a temporary workaround, avoid passing these parameters to the respective scripts.
Related Identifiers: CVE-2005-4243
Affected Products: Quickpaypro