CVE-2007-4810

Name of the Vulnerable Software and Affected Versions: Netjuke versions 1.0-rc2

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two different parameters: the ge id parameter in a "list.artists" action to "explore.php" or the id parameter in a "show.tracks" action to "xml.php".

Recommendations: For Netjuke version 1.0-rc2, avoid using the ge id parameter in the "list.artists" action to "explore.php" and the id parameter in the "show.tracks" action to "xml.php" until a patch is available. As a temporary workaround, consider restricting access to the "explore.php" and "xml.php" files to minimize the risk of exploitation.