CVE-2006-2987

Name of the Vulnerable Software and Affected Versions Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters to specific API endpoints, including id, voteid, and vfiel parameters to "index.php", and nick, email, city, messen, and message form field parameters to "add.php".

Recommendations For Dominios Europa PICRATE (aka TAL RateMyPic) version 1.0, consider restricting access to the "index.php" and "add.php" endpoints until a patch is available. As a temporary workaround, avoid using the id, voteid, vfiel, nick, email, city, messen, and message parameters in the affected API endpoints.