CVE-2007-1634

Name of the Vulnerable Software and Affected Versions: Net Portal Dynamic System (NPDS) versions 5.10 and earlier

Description: The issue allows remote attackers to conduct SQL injection attacks. This is achieved via the FILES[DB][tmp name] parameter to the "print.php" endpoint, which overwrites the $DB variable with dynamic variable evaluation.

Recommendations: For Net Portal Dynamic System (NPDS) versions 5.10 and earlier, consider restricting access to the "print.php" endpoint until a fix is available. As a temporary workaround, avoid using the FILES[DB][tmp name] parameter in the affected endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.