CVE-2007-3987

Name of the Vulnerable Software and Affected Versions: ImageRacer version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through a SQL injection vulnerability in the SearchResults.asp file when the WordSearchCrit feature is enabled. The vulnerability is exploited via the SearchWord parameter in the affected API endpoint "/SearchResults.asp".

Recommendations: For ImageRacer version 1.0, consider disabling the WordSearchCrit feature until a patch is available. Restrict access to the SearchResults.asp file to minimize the risk of exploitation. Avoid using the SearchWord parameter in the affected endpoint until the issue is resolved.