CVE-2007-1550

Name of the Vulnerable Software and Affected Versions phpx version 3.5.15

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters to different PHP files, including image id or cat id to "gallery.php", news id to "news.php" or "print.php", news cat id to "news.php", cat id, topic id, or post id to "forums.php", or user id to "users.php".

Recommendations For phpx version 3.5.15, consider restricting access to the vulnerable parameters image id, cat id, news id, news cat id, cat id, topic id, post id, and user id in their respective PHP files until a patch is available. As a temporary workaround, disabling the execution of arbitrary SQL commands via these parameters can help minimize the risk of exploitation.