CVE-2006-1232

Name of the Vulnerable Software and Affected Versions DSDownload version 1.0

Description The issue concerns SQL injection vulnerabilities. Remote attackers can execute arbitrary SQL commands via the key and category parameters to "search.php" and "downloads.php" API endpoints when magic quotes gpc is disabled.

Recommendations For DSDownload version 1.0, consider disabling the search.php and downloads.php scripts until a patch is available, or restrict access to these endpoints to minimize the risk of exploitation. Avoid using the key and category parameters in the affected API endpoints until the issue is resolved.