CVE-2007-2599

Name of the Vulnerable Software and Affected Versions TutorialCMS versions 1.00 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters and files, including the catFile parameter to "browseCat.php" or "browseSubCat.php", the id parameter to "openTutorial.php", "topFrame.php", or "admin/editListing.php", and the search parameter to "search.php".

Recommendations For TutorialCMS versions 1.00 and earlier, consider restricting access to the vulnerable parameters catFile, id, and search until a patch is available. As a temporary workaround, avoid using these parameters in the affected files "browseCat.php", "browseSubCat.php", "openTutorial.php", "topFrame.php", "admin/editListing.php", and "search.php" to minimize the risk of exploitation.