PT-2006-3118 · Php · Php Newsfeed

Aliaksandr Hartsuyeu · Published 2006-05-02 · Updated 2017-07-20 · CVE-2006-2139

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

PHP Newsfeed version 20040723

Description

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters to different PHP files, including the name parameter to 'deltables.php', the select, header, url, source, or time parameters to 'manualsubmit.php', the num parameter to 'delete.php', or the tablename parameter to 'searchnews.php'.

Recommendations

For PHP Newsfeed version 20040723, consider restricting access to the vulnerable parameters (name, select, header, url, source, time, num, and tablename) in the respective PHP files until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints.

Fix


Related Identifiers

CVE-2006-2139

Affected Products

Php Newsfeed