CVE-2006-1706

Name of the Vulnerable Software and Affected Versions: Shopweezle version 2.0

Description: The issue allows remote attackers to execute arbitrary SQL commands, which can lead to full path disclosure from invalid SQL queries. This is achieved through SQL injection vulnerabilities in several parameters, including the itemID parameter to "login.php" and "memo.php", and the itemgr, brandID, and album parameters to "index.php".

Recommendations: For Shopweezle version 2.0, consider disabling the login.php, memo.php, and index.php scripts until a patch is available to prevent exploitation of the SQL injection vulnerabilities. Restrict access to these scripts to minimize the risk of path disclosure. Avoid using the itemID, itemgr, brandID, and album parameters in the affected scripts until the issue is resolved.