CVE-2005-0725

Name of the Vulnerable Software and Affected Versions WF-Sections (wfsections) version 1.07

Description The issue concerns a SQL injection vulnerability in the getAllbyArticle function in wfsfiles.php. This allows remote attackers to execute arbitrary SQL commands via the articleid parameter to "article.php".

Recommendations For WF-Sections (wfsections) version 1.07, consider restricting access to the vulnerable getAllbyArticle function in wfsfiles.php until a patch is available. As a temporary workaround, avoid using the articleid parameter in the "article.php" endpoint to minimize the risk of exploitation.