CVE-2006-6478

Name of the Vulnerable Software and Affected Versions AnnonceScriptHP version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters in different files, including the id parameter in "email.php", the no parameter in "voirannonce.php", the idmembre parameter in "admin/admin membre/fiche membre.php", and the idannonce parameter in "admin/admin annonce/okvalannonce.php" and "admin/admin annonce/changeannonce.php".

Recommendations For AnnonceScriptHP version 2.0, consider restricting access to the vulnerable parameters id, no, idmembre, and idannonce in the respective files until a patch is available. As a temporary workaround, disabling the execution of SQL commands from these parameters can help minimize the risk of exploitation.