PT-2007-5359 · Indexscript · Indexscript

Published: 2007-08-03 · Updated: 2008-11-15 · CVE-2007-4163

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

IndexScript versions 2.7 and 2.8 before 20070726

Description

The issue allows remote attackers to execute arbitrary SQL commands via the cat id, start id, row[parent id], and row[cat id] parameters. This is related to the use of these parameters within the include/utils.php component.

Recommendations

For IndexScript versions 2.7 and 2.8 before 20070726, consider restricting access to the parameters cat id, start id, row[parent id], and row[cat id] in the affected components until a fix is available. As a temporary workaround, avoid using these parameters in the include/utils.php file to minimize the risk of exploitation.

Fix


Related identifiers

CVE-2007-4163

Affected products

Indexscript