PT-2006-2046 · N8Cms · N8Cms

Liz0 · Published 2006-03-06 · Updated 2018-10-18 · CVE-2006-1008

CVSS v2.0: 5.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions
N8cms versions 1.1 through 1.2

Description
The issue allows remote attackers to inject arbitrary web script or HTML, possibly as a result of SQL injection. The injection is possible via the dir and page id parameters to "index.php" and the userid parameter to "mailto.php".

Recommendations
For versions 1.1 and 1.2, consider restricting access to the index.php and mailto.php files until a patch is available. As a temporary workaround, avoid using the dir, page id, and userid parameters in the affected API endpoints.


Related identifiers

CVE-2006-1008

Affected products

N8Cms