CVE-2006-1920

Name of the Vulnerable Software and Affected Versions PMTool version 1.2.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the order parameter in the include files, specifically user.inc.php, customer.inc.php, and project.inc.php.

Recommendations For PMTool version 1.2.2, consider restricting access to the order parameter in the affected include files until a patch is available. As a temporary workaround, avoid using the order parameter in the include files user.inc.php, customer.inc.php, and project.inc.php to minimize the risk of exploitation.