CVE-2007-6375

Name of the Vulnerable Software and Affected Versions Bitweaver versions 2.0.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the sort mode parameter to "wiki/list pages.php" and the highlight parameter to "search/index.php".

Recommendations For versions 2.0.0 and earlier, update to a version later than 2.0.0 to resolve the issue. As a temporary workaround, consider restricting access to the "wiki/list pages.php" and "search/index.php" endpoints until a patch is available. Avoid using the sort mode and highlight parameters in the affected API endpoints until the issue is resolved.