PT-2005-5450 · Turnkey Web Tools · Sunshop Shopping Cart

Published: 2005-12-31 · Updated: 2024-08-08 · CVE-2005-4787

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Turnkey Web Tools SunShop Shopping Cart (affected versions not specified)

Description

The issue allows remote attackers to obtain sensitive information via a phpinfo action sent to specific endpoints: "index.php", "admin/index.php", and "admin/adminindex.php". These endpoints execute the PHP phpinfo() function, potentially disclosing sensitive information. The vendor has disputed this issue, stating that the behavior is intended for troubleshooting purposes and that exploiting it requires knowledge of the shop's location.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Related Identifiers

CVE-2005-4787

Affected Products

Sunshop Shopping Cart