CVE-2005-3939

Name of the Vulnerable Software and Affected Versions WSN Knowledge Base versions 1.2.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different files, including catid, perpage, ascdesc, and orderlinks in a displaycat action in index.php, and the id parameter in comments.php and memberlist.php.

Recommendations For WSN Knowledge Base versions 1.2.0 and earlier, as a temporary workaround, consider restricting access to the displaycat action in index.php and the id parameter in comments.php and memberlist.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.