CVE-2006-1278

Name of the Vulnerable Software and Affected Versions @1 File Store version 2006.03.07 @1 File Store PRO version 3.2

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter to various PHP files, including "functions.php" and "user.php" in the libs directory, and other files in different directories. Additionally, the email parameter in "password.php" and the id parameter in "folder.php" are vulnerable.

Recommendations For @1 File Store version 2006.03.07, avoid using the id parameter in the affected API endpoints until the issue is resolved. For @1 File Store version 2006.03.07, restrict access to the vulnerable "password.php" and "folder.php" files to minimize the risk of exploitation. For @1 File Store PRO version 3.2, consider disabling the affected "confirm.php" and "download.php" functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.