CVE-2006-4501

Name of the Vulnerable Software and Affected Versions ezPortal/ztml CMS version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the SQL injection vulnerability in the index.php file via various parameters, including about, album, id, use, desc, doc, mname, and max.

Recommendations For ezPortal/ztml CMS version 1.0, as a temporary workaround, consider restricting access to the vulnerable parameters in the index.php file until a patch is available. Avoid using the parameters about, album, id, use, desc, doc, mname, and max in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.