CVE-2006-2165

Name of the Vulnerable Software and Affected Versions Avactis Shopping Cart versions 0.1.2 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML, potentially resulting from SQL injection, via specific parameters in certain PHP files. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. Technical details about exploitation include API endpoints such as "store special offers.php" and "store.php" with vulnerable parameters like category id, and "product info.php" with a vulnerable parameter like prod id.

Recommendations For Avactis Shopping Cart versions 0.1.2 and earlier, consider disabling the category id and prod id parameters in the affected API endpoints until a patch is available. Restrict access to the vulnerable PHP files "store special offers.php", "store.php", and "product info.php" to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.