CVE-2010-2691

Name of the Vulnerable Software and Affected Versions 2daybiz Custom T-Shirt Design Script (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the sbid parameter to "products details.php", the pid parameter to "products/products.php", and the designid parameter to "designview.php".

Recommendations For 2daybiz Custom T-Shirt Design Script, consider restricting access to the vulnerable API endpoints "products details.php", "products/products.php", and "designview.php" until a patch is available. As a temporary workaround, avoid using the parameters sbid, pid, and designid in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.