CVE-2007-5430

Name of the Vulnerable Software and Affected Versions: Stride version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including p in main.php within the Content Management System, id in shop.php for the Merchant subsystem, and course or provider in detail.php for the Courses subsystem.

Recommendations: For Stride version 1.0, as a temporary workaround, consider restricting access to the main.php, shop.php, and detail.php files until a patch is available. Avoid using the p, id, course, and provider parameters in the respective API endpoints until the issue is resolved.