Nkinfoweb · Nkinfoweb · CVE-2010-1599
**Name of the Vulnerable Software and Affected Versions**
NKInFoWeb versions 2.5 and 5.2.2.0
**Description**
An SQL injection issue in the loadorder.php file allows remote attackers to execute arbitrary SQL commands via the `id_sp` parameter.
**Recommendations**
For NKInFoWeb version 2.5, update to a version that fixes this issue.
For NKInFoWeb version 5.2.2.0, update to a version that fixes this issue.
As a temporary workaround, restrict access to the loadorder.php file to minimize the risk of exploitation, and avoid using the `id_sp` parameter of that endpoint until the issue is resolved.
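
One way to check that the workaround is holding, as an added example that is not part of the original advisory or the vendor's code: it scans a web server access log for requests that still reached loadorder.php from outside an allowed network, or that still carried the parameter (spelled `id_sp` in the code). The log format (common/combined), the allowed network, the `/shop/` path and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qs, urlsplit

# Assumption: only this management network may reach loadorder.php (constructed).
ALLOWED_NETS = [ipaddress.ip_network("10.20.0.0/16")]
BLOCKED = {401, 403, 404}  # responses that mean the script did not run

# Common/combined log format: client, identity, user, [time], "request", status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def audit_line(line):
    """Return (client, status, reasons) if the workaround was bypassed, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    url = urlsplit(m["target"])
    if not url.path.lower().endswith("/loadorder.php"):
        return None
    status = int(m["status"])
    if status in BLOCKED:
        return None
    try:
        client = ipaddress.ip_address(m["ip"])
        external = not any(client in net for net in ALLOWED_NETS)
    except ValueError:  # a hostname was logged instead of an address
        external = True
    reasons = []
    if external:
        reasons.append("client outside allowed networks")
    # Only query-string use is visible here; POST bodies are not in access logs.
    if "id_sp" in parse_qs(url.query, keep_blank_values=True):
        reasons.append("id_sp parameter present")
    return (m["ip"], status, reasons) if reasons else None

def audit(log_text):
    """Audit every line of a log and return the list of findings."""
    return [f for f in map(audit_line, log_text.splitlines()) if f]

# Constructed sample lines (documentation addresses, hypothetical /shop/ path).
SAMPLE_LOG = """\
10.20.3.7 - - [12/May/2024:10:01:02 +0000] "GET /shop/loadorder.php HTTP/1.1" 200 512
203.0.113.9 - - [12/May/2024:10:02:10 +0000] "GET /shop/loadorder.php?id_sp=12 HTTP/1.1" 200 734
203.0.113.9 - - [12/May/2024:10:02:11 +0000] "GET /shop/loadorder.php?id_sp=12 HTTP/1.1" 403 199
10.20.3.7 - - [12/May/2024:10:03:00 +0000] "GET /shop/loadorder.php?id_sp=7 HTTP/1.1" 200 700
198.51.100.4 - - [12/May/2024:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 900
"""
```

Any finding means the access restriction is not fully in place or the parameter is still in use; requests answered with 401, 403 or 404 are treated as blocked.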