CVE-2006-1238

Name of the Vulnerable Software and Affected Versions DSLogin version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This is achieved via the log userid variable in API endpoints such as "index.php" and "admin/index.php".

Recommendations For DSLogin version 1.0, consider disabling the log userid variable in the affected API endpoints until a patch is available. Restrict access to "index.php" and "admin/index.php" to minimize the risk of exploitation. Avoid using the log userid variable in these endpoints until the issue is resolved.