Meto · Meto Forum · CVE-2008-2448
Name of the Vulnerable Software and Affected Versions:
Meto Forum version 1.1
Description:
Multiple SQL injection vulnerabilities in Meto Forum 1.1 allow remote attackers to execute arbitrary SQL commands against the forum's database. The affected inputs are the `id` parameter to "admin/duzenle.asp" and "admin/oku.asp", the `kid` parameter to "kategori.asp" and "admin/kategori.asp", and unspecified parameters to "uye.asp" and "oku.asp". The pattern behind findings of this kind is a request parameter spliced into the query text instead of being validated and bound as a typed parameter, so the attacker controls part of the statement the database runs.
Recommendations:
This page identifies no fixed release; check with the vendor for an update to Meto Forum 1.1 and apply it when one is available. Until then, restrict the administrative pages ("admin/duzenle.asp", "admin/oku.asp" and "admin/kategori.asp") to trusted addresses or to an authenticated session enforced at the web server, since an injection in those pages is reachable only by whoever can request them. The public pages "kategori.asp", "uye.asp" and "oku.asp" cannot simply be blocked without taking the forum down, so fix them at the source: validate `id` and `kid` as bounded integers before use and pass them to the database as bound parameters rather than by string concatenation, and review "uye.asp" and "oku.asp" for the same pattern, because the vulnerable parameters there are not identified. Dropping the `id` and `kid` parameters is not a workaround; the pages need them to select a category or a post.
Run the forum's database account with the least privilege the application needs, so that an injected statement cannot read or alter tables beyond the forum's own, and watch the web server logs for SQL keywords or quote characters in these parameters as an indicator of probing.
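The following is an added example, not code from this page or from Meto Forum. Meto Forum is classic ASP, so this Python/SQLite model only reproduces the pattern described above: a numeric `kid` parameter spliced into the query text, beside the hardened form (digits-only allowlist, then a bound parameter). The table and column names (`kategori`, `mesaj`, `uye`) and the sample rows are constructed for the demo and are not the forum's schema.

```python
import re
import sqlite3

# Allowlist for id / kid: a bounded run of digits. Plain int() would also accept
# "+1", " 1 " and "1_000", so the regex is the stricter, intentional check.
_ID_RE = re.compile(r"[0-9]{1,9}")


def is_valid_id(value: str) -> bool:
    """True only for a bounded, digits-only identifier."""
    return _ID_RE.fullmatch(value) is not None


def make_db() -> sqlite3.Connection:
    """Constructed sample tables; names are assumptions, not Meto Forum's schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE kategori (kid INTEGER PRIMARY KEY, ad TEXT);
        CREATE TABLE mesaj (id INTEGER PRIMARY KEY, kid INTEGER, baslik TEXT);
        CREATE TABLE uye (uid INTEGER PRIMARY KEY, kadi TEXT, sifre TEXT);
        INSERT INTO kategori VALUES (1, 'Genel'), (2, 'Yonetim');
        INSERT INTO mesaj VALUES (10, 1, 'Hosgeldiniz'), (11, 2, 'Gizli duyuru');
        INSERT INTO uye VALUES (1, 'admin', 's3cret'), (2, 'misafir', 'guest');
    """)
    return conn


def vulnerable_posts(conn: sqlite3.Connection, kid: str) -> list:
    """The flawed pattern: the raw request parameter is spliced into the SQL text."""
    sql = "SELECT id, baslik FROM mesaj WHERE kid = " + kid
    return conn.execute(sql).fetchall()


def hardened_posts(conn: sqlite3.Connection, kid: str) -> list:
    """Allowlist the parameter, then bind it; the value can never change the query shape."""
    if not is_valid_id(kid):
        raise ValueError("kid must be a digits-only identifier")
    return conn.execute(
        "SELECT id, baslik FROM mesaj WHERE kid = ?", (int(kid),)
    ).fetchall()


# Payloads an attacker would place in ?kid= (constructed for the demo).
BOOLEAN_PAYLOAD = "1 OR 1=1"                                        # dumps every post
UNION_PAYLOAD = "0 UNION ALL SELECT uid, kadi || ':' || sifre FROM uye"  # reads another table


def demo() -> dict:
    """Runs each query shape against the sample data and returns the rows seen."""
    conn = make_db()
    out = {
        "normal": vulnerable_posts(conn, "1"),
        "boolean": vulnerable_posts(conn, BOOLEAN_PAYLOAD),
        "union": vulnerable_posts(conn, UNION_PAYLOAD),
        "hardened": hardened_posts(conn, "1"),
        # The allowlist stops both payloads before any SQL is built.
        "rejected": [p for p in (BOOLEAN_PAYLOAD, UNION_PAYLOAD) if not is_valid_id(p)],
    }
    conn.close()
    return out


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:9} {rows}")
```

In classic ASP the bound `?` corresponds to an ADODB.Command whose value is appended with CreateParameter using adInteger and adParamInput, and the digits-only check can be done with a VBScript RegExp before CLng. The same digits-only pattern on `id` and `kid` is what to put in a temporary web-server or WAF rule while a vendor fix is pending.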