CVE-2006-3963

Name of the Vulnerable Software and Affected Versions Banex PHP MySQL Banner Exchange version 2.21

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the site name parameter to the "signup.php" endpoint, and the id, deleteuserbanner, viewmem, viewmemunb, viewunmem, or deleteuser parameters to the "admin.php" endpoint.

Recommendations For Banex PHP MySQL Banner Exchange version 2.21, consider restricting access to the "signup.php" and "admin.php" endpoints until a fix is available. As a temporary workaround, avoid using the site name, id, deleteuserbanner, viewmem, viewmemunb, viewunmem, and deleteuser parameters in the affected endpoints to minimize the risk of exploitation.