CVE-2006-0205

Name of the Vulnerable Software and Affected Versions Wordcircle version 2.17

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication via the password field in the login action to "index.php" (involving v login.php and s user.php). It may also have other unknown impact via certain other fields in unspecified scripts.

Recommendations For Wordcircle version 2.17, consider restricting access to the login action in "index.php" and validating user input in the password field to prevent SQL injection attacks. As a temporary workaround, restrict access to v login.php and s user.php to minimize the risk of exploitation. Avoid using user-supplied input in SQL queries until the issue is resolved.