CVE-2006-3394

Name of the Vulnerable Software and Affected Versions BXCP version 0.3.0.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the where parameter in a "view" action, specifically in the files mod in index.php.

Recommendations For BXCP version 0.3.0.4, consider restricting access to the where parameter in the "view" action to minimize the risk of exploitation. Avoid using the where parameter in the affected API endpoint until the issue is resolved.