CVE-2007-2299

Name of the Vulnerable Software and Affected Versions Frogss CMS versions 0.7 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the dzial parameter to "katalog.php", or the t parameter to "forum.php" or "forum/viewtopic.php".

Recommendations For Frogss CMS versions 0.7 and earlier, consider disabling the dzial parameter in "katalog.php" and the t parameter in "forum.php" and "forum/viewtopic.php" as a temporary workaround until a patch is available. Restrict access to "katalog.php", "forum.php", and "forum/viewtopic.php" to minimize the risk of exploitation.