CVE-2007-1548

Name of the Vulnerable Software and Affected Versions Web Wiz Forums version prior to 8.05a

Description The issue is related to a SQL injection vulnerability. It occurs because certain characters in SQL commands are not properly filtered in the functions/functions filters.asp file. This allows remote attackers to execute arbitrary SQL commands via specific sequences, such as backslash double-quote quote sequences, which are collapsed into another sequence. An example of exploitation is via the name parameter to the /forum/pop up member search.asp API endpoint.

Recommendations For versions prior to 8.05a, update to version 8.05a or later to resolve the issue. As a temporary workaround, consider restricting access to the functions/functions filters.asp file and the /forum/pop up member search.asp API endpoint to minimize the risk of exploitation. Avoid using the name parameter in the affected API endpoint until the issue is resolved.