CVE-2006-5107

Name of the Vulnerable Software and Affected Versions CubeCart versions 2.0.x

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved through several parameters in different files, including the user name parameter in "admin/forgot pass.php", the order id parameter in "view order.php" and "admin/print order.php", and the view doc parameter in "view doc.php".

Recommendations For CubeCart version 2.0.x, update to a version that includes a fix for the SQL injection vulnerabilities. As a temporary workaround, consider restricting access to the affected files, specifically "admin/forgot pass.php", "view order.php", "view doc.php", and "admin/print order.php", to minimize the risk of exploitation. Avoid using the user name, order id, and view doc parameters in the respective affected files until the issue is resolved.