CVE-2006-1685 Information

Description

Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO 3.0 BASIC and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group (2) seite and (3) id parameter possibly involving the artikel functionality. NOTE: this vulnerability also allows resultant path disclosure when the SQL queries are invalid.

Reference

http://pridels0.blogspot.com/2006/04/apt-webshop-system-vuln.html http://secunia.com/advisories/19592 http://www.securityfocus.com/bid/17425 http://www.vupen.com/english/advisories/2006/1293 https://exchange.xforce.ibmcloud.com/vulnerabilities/25731