CVE-2006-2814

Name of the Vulnerable Software and Affected Versions iShopCart versions prior to the version that fixes the issue in easy-scart.c through easy-scart6.c

Description The issue is related to multiple buffer overflows in the vGetPost and main functions. Remote attackers can execute arbitrary code by sending a large amount of data containing "Submit" in an sslinvoice action. Additionally, remote attackers can have an unknown impact via a large amount of posted data.

Recommendations For iShopCart versions prior to the version that fixes the issue in easy-scart.c through easy-scart6.c, consider disabling the vGetPost and main functions in easy-scart.c through easy-scart6.c as a temporary workaround until a patch is available. Restrict access to the sslinvoice action to minimize the risk of exploitation. Avoid using the sslinvoice action with a large amount of posted data until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.