CVE-2006-1685

Name of the Vulnerable Software and Affected Versions: APT-webshop-system versions 3.0 BASIC, 3.0 LIGHT, 4.0 PRO

Description: The issue allows remote attackers to execute arbitrary SQL commands via the group, seite, and id parameters, possibly involving the artikel functionality. This also leads to resultant path disclosure when the SQL queries are invalid.

Recommendations: For APT-webshop-system versions 3.0 BASIC, 3.0 LIGHT, 4.0 PRO, consider restricting access to the vulnerable modules.php file until a patch is available. As a temporary workaround, avoid using the group, seite, and id parameters in the affected modules until the issue is resolved.