CVE-2007-3013

Name of the Vulnerable Software and Affected Versions: activeWeb contentserver versions prior to 5.6.2964

Description: The issue allows remote authenticated users with edit permission to execute arbitrary SQL commands. This can be achieved via the id parameter to the "admin/picture/picture real edit.asp" API endpoint, and possibly other unspecified vectors.

Recommendations: For versions prior to 5.6.2964, update to version 5.6.2964 or later to resolve the issue. As a temporary workaround, consider restricting access to the "admin/picture/picture real edit.asp" endpoint and limiting the use of the id parameter to minimize the risk of exploitation.