CVE-2005-4554

Name of the Vulnerable Software and Affected Versions DEV web management system versions 1.5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the cat parameter in an openforum action in index.php, the cat parameter in getfile.php, and the target parameter in download now.php.

Recommendations For DEV web management system versions 1.5 and earlier, update to a version later than 1.5 to resolve the issue. As a temporary workaround, consider restricting access to the openforum action in index.php, getfile.php, and download now.php to minimize the risk of exploitation. Avoid using the cat parameter in index.php and getfile.php and the target parameter in download now.php until the issue is resolved.