CVE-2005-1503

An attacker sends crafted HTTP GET requests to the vulnerable scripts, injecting SQL metacharacters into the `searchstring`, `maingroup`, `secondgroup`, or `code_no` parameters. The advisory demonstrates UNION-based injection to extract credit card numbers from the `card_payment` table. The exploit requires `magic_quotes_gpc` to be Off [ref_id=1].

The advisory identifies SQL injection vulnerabilities in `search_list.php`, `item_list.php`, and `item_show.php`. In `search_list.php` the `$searchstring` parameter is interpolated directly into a query without sanitization. In `item_list.php` the `maingroup` and `secondgroup` parameters are unsanitized. In `item_show.php` the `code_no` parameter is unsanitized.

The advisory states the vendor was contacted and would likely publish a new version; no patch diff is provided. The fix would involve properly escaping or parameterizing user-supplied input before including it in SQL queries, preventing injection of arbitrary SQL commands [ref_id=1].