CVE-2007-6345

Name of the Vulnerable Software and Affected Versions aurora framework versions prior to 20071208

Description The issue allows remote attackers to execute arbitrary SQL commands, possibly through the value parameter to the pack var function in module/db.lib/db mysql.lib.

Recommendations For versions prior to 20071208, update to a version released after 20071208 to resolve the issue. As a temporary workaround, consider restricting access to the pack var function in module/db.lib/db mysql.lib to minimize the risk of exploitation. Avoid using the value parameter in the affected function until the issue is resolved.