CVE-2007-3705

Name of the Vulnerable Software and Affected Versions FuseTalk version 2.0

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the FTVAR SUBCAT (also known as txForumID) parameter to the "forum/index.cfm" endpoint and possibly other unspecified components, related to "forum/include/error/forumerror.cfm".

Recommendations For FuseTalk version 2.0, as a temporary workaround, consider restricting access to the "forum/index.cfm" endpoint until a patch is available. Avoid using the FTVAR SUBCAT (txForumID) parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.