CVE-2005-4614

Name of the Vulnerable Software and Affected Versions digiSHOP versions 3.1.17 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands or obtain the full installation path. This can be achieved via the c parameter in "cart.php" or unspecified search module parameters.

Recommendations For digiSHOP versions 3.1.17 and earlier, update to a version later than 3.1.17 to resolve the issue. As a temporary workaround, consider restricting access to the "cart.php" endpoint and search module parameters to minimize the risk of exploitation.