CVE-2006-1362

Name of the Vulnerable Software and Affected Versions Mini-Nuke CMS System versions 1.8.2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the uid parameter in "members.asp", the catid parameter in "articles.asp" and "programs.asp", and the id parameter in "hpages.asp" and "forum.asp".

Recommendations For Mini-Nuke CMS System versions 1.8.2 and earlier, consider restricting access to the vulnerable parameters uid, catid, and id in the respective ASP pages until a fix is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.