PT-2006-4030 · Cms Mundo · Cms Mundo

Andreas Sandblad · Published 2006-07-13 · Updated 2017-07-20 · CVE-2006-3135

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

CMS Mundo version 1.0 build 008

Description

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters and fields, including the news id parameter in the news module, searchstring parameter in the search module, id parameter in the webshop module, username parameter in index.php, and various fields during a user profile update, such as Name, Address, Zip, City, Country, and Email.

Recommendations

For CMS Mundo version 1.0 build 008, consider restricting access to the news, search, and webshop modules, and limit user profile updates until a fix is available. As a temporary workaround, avoid using the news id, searchstring, id, and username parameters in their respective modules, and be cautious with user input in the Name, Address, Zip, City, Country, and Email fields during user profile updates.


Related identifiers

CVE-2006-3135

Affected products

Cms Mundo