PT-2006-2535 · Null News

Aliaksandr Hartsuyeu · Published 2006-03-30 · Updated 2018-10-18 · CVE-2006-1534

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Null news (affected versions not specified)
Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerabilities are found in the user email parameter in lostpass.php, and in the user email and user username parameters in sub.php and unsub.php.
Recommendations: For Null news, consider restricting access to the lostpass.php, sub.php, and unsub.php scripts until a fix is available. As a temporary workaround, avoid using the user email and user username parameters in the affected scripts. Restrict input for the user email and user username parameters to minimize the risk of exploitation.
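
One way to apply the "restrict input" recommendation as a stopgap in front of the three scripts. This is an added example, not Null News code; the request parameter names `user_email` and `user_username`, the length limits, and loading the file through `auto_prepend_file` are assumptions.

```php
<?php
// Added example: stopgap input guard, not Null News code. Assumed: the parameter
// names, the length limits, and loading via php.ini auto_prepend_file.
declare(strict_types=1);
const GUARDED_SCRIPTS = ['lostpass.php', 'sub.php', 'unsub.php'];

// Strict allowlist. FILTER_VALIDATE_EMAIL is not used because it accepts
// apostrophes in the local part, which a string-built SQL query must not see.
function valid_email(string $v): bool
{
    $re = '/\A[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9.-]{1,185}\.[A-Za-z]{2,24}\z/';
    return strlen($v) <= 254 && preg_match($re, $v) === 1;
}

function valid_username(string $v): bool
{
    return preg_match('/\A[A-Za-z0-9_.-]{1,32}\z/', $v) === 1;
}

// Returns the names of parameters that fail validation; empty array means pass.
function rejected_params(string $script, array $params): array
{
    if (!in_array(basename($script), GUARDED_SCRIPTS, true)) {
        return [];
    }
    $rules = ['user_email' => 'valid_email', 'user_username' => 'valid_username'];
    $bad = [];
    foreach ($rules as $name => $check) {
        if (array_key_exists($name, $params)
            && (!is_string($params[$name]) || !$check($params[$name]))) {
            $bad[] = $name;
        }
    }
    return $bad;
}

if (PHP_SAPI !== 'cli') {
    // Check every source separately: the scripts may read any of them.
    foreach ([$_GET, $_POST, $_COOKIE] as $source) {
        if ($bad = rejected_params($_SERVER['SCRIPT_NAME'] ?? '', $source)) {
            error_log('rejected ' . implode(',', $bad) . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
            http_response_code(400);
            exit;
        }
    }
} else {
    // Constructed sample: the apostrophe in the username is rejected.
    var_dump(rejected_params('/sub.php', ['user_email' => 'a@example.org', 'user_username' => "o'brien"]));
}
```

The guard only narrows what reaches the scripts; the queries themselves still need to be rewritten with bound parameters before the restriction is lifted.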


Related identifiers

CVE-2006-1534

Affected products

Null News