CVE-2006-3358

Name of the Vulnerable Software and Affected Versions NewsPHP 2006 PRO

Description The issue allows remote attackers to inject arbitrary web script or HTML via the words, id, cat id, and tim parameters in index.php, which are not properly sanitized before being returned in an error page. This could be related to an SQL injection issue.

Recommendations For NewsPHP 2006 PRO, ensure that the words, id, cat id, and tim parameters in index.php are properly sanitized to prevent arbitrary web script or HTML injection. Consider validating and escaping user input for these parameters to minimize the risk of exploitation.