CVE-2007-3394

Name of the Vulnerable Software and Affected Versions eNdonesia version 8.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via two parameters: the artid parameter to "mod.php" in a "viewarticle" action within the publisher module, and the bid parameter to "banners.php" in a "click" action.

Recommendations For eNdonesia version 8.4, consider restricting access to the mod.php and banners.php files until a patch is available. As a temporary workaround, avoid using the artid and bid parameters in the respective actions. At the moment, there is no information about a newer version that contains a fix for this issue.