CVE-2007-5061

Name of the Vulnerable Software and Affected Versions Clansphere version 2007.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the cat id parameter in the /index.php endpoint, specifically in a banners action.

Recommendations For Clansphere version 2007.4, consider restricting access to the navlist.php file in the mods/banners directory until a patch is available. As a temporary workaround, avoid using the cat id parameter in the /index.php endpoint for banners actions to minimize the risk of exploitation.