CVE-2007-0128

Name of the Vulnerable Software and Affected Versions Digirez versions 3.4 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the book id parameter in the "info book.asp" endpoint.

Recommendations For Digirez versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the "info book.asp" endpoint or validating and sanitizing the book id parameter to prevent SQL injection attacks.