CVE-2005-4226

Name of the Vulnerable Software and Affected Versions phpWebThings version 1.4

Description The issue allows remote attackers to execute arbitrary SQL commands via several parameters in different PHP files, including ref in "download.php", direction, msg, sforum, reason, subname, and toform in "forum.php", msg and forum in "forum edit.php" and "forum write.php", tekst in "guestbook.php", menuoption in "index.php", and sel avatar in "myaccount.php".

Recommendations For phpWebThings version 1.4, consider updating to a patched version to resolve the issue. As a temporary workaround, restrict access to the vulnerable parameters in the affected PHP files until a patch is available. Avoid using the parameters ref, direction, msg, sforum, reason, subname, toform, tekst, menuoption, and sel avatar in their respective API endpoints until the issue is resolved.