CVE-2007-3290

Name of the Vulnerable Software and Affected Versions LiveCMS versions 3.4 and earlier

Description The issue allows remote attackers to obtain sensitive information via a ' (quote) character in the cid parameter, which reveals the path in a forced SQL error message.

Recommendations For LiveCMS versions 3.4 and earlier, update to a version later than 3.4 to resolve the issue. As a temporary workaround, consider restricting access to the categoria.php file to minimize the risk of exploitation. Avoid using the cid parameter in the affected endpoint until the issue is resolved.