CVE-2008-5838

Name of the Vulnerable Software and Affected Versions E-Shop (aka E-Php Shopping Cart) Shopping Cart Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cid parameter in the search results.php file.

Recommendations For the affected version, consider restricting access to the cid parameter in the search results.php file until a patch is available. As a temporary workaround, avoid using the cid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.