PT-2006-4485 · Orbitmatrix · Orbitmatrix

Published 2006-07-14 · Updated 2018-10-18 · CVE-2006-3610

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

OrbitMATRIX version 1.0

Description

The issue allows remote attackers to obtain sensitive information, specifically partial database schema, by modifying the page name parameter in index.php. This modification reflects portions of an SQL query in the result. However, it is unclear whether the exposed information is target-specific.

Recommendations

For OrbitMATRIX version 1.0, consider restricting access to the index.php file or modifying the page name parameter handling to prevent SQL query reflection until a proper fix is available. As a temporary workaround, avoid using the page name parameter in the affected endpoint.

Fix


Related Identifiers

CVE-2006-3610

Affected Products

Orbitmatrix