PT-2006-5523 · F Art · F-Art Blog:Cms

Omid · Published 2006-09-13 · Updated 2018-10-17 · CVE-2006-4748

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: F-ART BLOG:CMS version 4.1
Description: Multiple SQL injection vulnerabilities in F-ART BLOG:CMS 4.1 allow remote attackers to execute arbitrary SQL commands via the xagent, xpath, xreferer, and xdns parameters in admin/plugins/NP_Log.php and via the pitem parameter in admin/plugins/NP_Poll.php, and allow remote authenticated users to execute arbitrary SQL commands via the pageRef parameter in admin/plugins/NP_Referrer.php. The NP_Log.php and NP_Poll.php issues need no credentials; the NP_Referrer.php issue is reachable only by a logged-in user.
Recommendations: No vendor fix is listed for F-ART BLOG:CMS 4.1. Until a patch is available, disable or remove the NP_Log, NP_Poll, and NP_Referrer plugins, and restrict access to the admin/plugins/ directory at the web server (for example, to administrators' source addresses or behind an additional authentication layer) so that the unauthenticated NP_Log.php and NP_Poll.php entry points are not reachable from the Internet. An authentication requirement alone does not address the pageRef issue in NP_Referrer.php, which any logged-in user can exploit, so that plugin should stay disabled until it is fixed. Review web server logs for requests to these three scripts that carry SQL metacharacters in the xagent, xpath, xreferer, xdns, pitem, or pageRef parameters.
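As an added example, not part of this advisory or of the F-ART BLOG:CMS code base, the following Python script scans web server access-log lines in the common "combined" format for requests that hit the three affected scripts with SQL injection markers in the parameters listed above. The log lines, client addresses, timestamps and payloads are constructed for illustration; the SQL-marker pattern is a heuristic, and a match on NP_Referrer.php is reported together with the logged user name because that injection point requires authentication.

```python
"""Flag access-log requests aimed at the CVE-2006-4748 injection points.

Added example; not code from the advisory or from F-ART BLOG:CMS.
"""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Injection points named in the advisory: affected script -> injectable parameters.
INJECTION_POINTS = {
    "admin/plugins/NP_Log.php": {"xagent", "xpath", "xreferer", "xdns"},
    "admin/plugins/NP_Poll.php": {"pitem"},
    "admin/plugins/NP_Referrer.php": {"pageRef"},
}
# Only the NP_Referrer.php issue requires a logged-in user; the others do not.
AUTH_REQUIRED = {"admin/plugins/NP_Referrer.php"}

# Heuristic SQL injection markers; matched after URL decoding so %27 and friends are caught.
SQLI_PATTERN = re.compile(
    r"('|\"|--|/\*|;|\bunion\b|\bselect\b|\bsleep\s*\(|\bbenchmark\s*\(|\bor\s+\d+\s*=\s*\d+)",
    re.IGNORECASE,
)

# Apache/nginx "combined" format: client ident user [time] "METHOD target PROTO" status bytes ...
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def match_injection_point(target):
    """Return (script, {param: [values]}) if the target is an affected script, else (None, {})."""
    parts = urlsplit(target)
    for script, params in INJECTION_POINTS.items():
        if parts.path == script or parts.path.endswith("/" + script):
            query = parse_qs(parts.query, keep_blank_values=True)
            return script, {p: query[p] for p in params if p in query}
    return None, {}


def analyze_line(line):
    """Return a finding for a log line carrying SQLi markers in an affected parameter, else None."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    script, hits = match_injection_point(m.group("target"))
    if script is None:
        return None
    for param, values in hits.items():
        for value in values:
            # parse_qs decoded once; decode again so double-encoded payloads (%2527) surface.
            decoded = unquote_plus(value)
            if SQLI_PATTERN.search(decoded):
                return {
                    "client": m.group("client"),
                    "user": m.group("user"),
                    "time": m.group("time"),
                    "script": script,
                    "param": param,
                    "value": decoded,
                    "auth_required": script in AUTH_REQUIRED,
                }
    return None


def scan(lines):
    """Run analyze_line over an iterable of log lines and collect the findings in order."""
    return [f for f in (analyze_line(line) for line in lines) if f]


# Constructed sample log lines (addresses, times and payloads are made up for the example).
SAMPLE_LOG = [
    '10.0.0.5 - - [13/Sep/2006:10:01:02 +0000] "GET /admin/plugins/NP_Log.php?xagent=Mozilla HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Sep/2006:10:02:17 +0000] "GET /blog/admin/plugins/NP_Log.php?xreferer=x%27%20UNION%20SELECT%201--%20 HTTP/1.1" 200 2048',
    '203.0.113.9 - - [13/Sep/2006:10:02:40 +0000] "GET /admin/plugins/NP_Poll.php?pitem=1%2527%20or%201%3D1 HTTP/1.1" 200 300',
    '198.51.100.4 - admin [13/Sep/2006:10:05:00 +0000] "GET /admin/plugins/NP_Referrer.php?pageRef=%27;%20DROP%20TABLE%20x-- HTTP/1.1" 500 0',
    '203.0.113.9 - - [13/Sep/2006:10:06:00 +0000] "GET /index.php?q=it%27s HTTP/1.1" 200 1000',
]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Run against a real log with `scan(open("access.log"))`. Two caveats a practitioner should keep in mind: access logs only record the query string, so parameters sent in a POST body are invisible to this check, and the marker pattern trades precision for recall (a legitimate referer containing an apostrophe will be flagged), so treat hits as leads for manual review rather than as confirmed exploitation.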

Fix


Related Identifiers

CVE-2006-4748

Affected Products

F-Art Blog:Cms