CVE-2007-3313

Name of the Vulnerable Software and Affected Versions Jasmine CMS version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the login username parameter to "login.php" or the item parameter to "news.php".

Recommendations For Jasmine CMS version 1.0, consider restricting access to "login.php" and "news.php" until a patch is available. As a temporary workaround, avoid using the login username and item parameters in the affected API endpoints.