CVE-2005-3817

Name of the Vulnerable Software and Affected Versions Softbiz Web Host Directory Script versions 1.1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the cid parameter in "search result.php", the sbres id parameter in "review.php", the cid parameter in "browsecats.php", the h id parameter in "email.php", and an unspecified parameter to the "search" module.

Recommendations For Softbiz Web Host Directory Script versions 1.1 and earlier, consider restricting access to the affected parameters, such as cid, sbres id, and h id, until a patch is available. As a temporary workaround, avoid using the unspecified parameter in the search module. At the moment, there is no information about a newer version that contains a fix for this issue.