CVE-2007-6579

Name of the Vulnerable Software and Affected Versions Ip Reg version 0.3 Ip Reg version 0.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several API endpoints, including "vlanview.php", "vlanedit.php", "vlandel.php", "assetclassgroupview.php", and "nodelist.php", by manipulating specific parameters such as vlan id, assetclassgroup id, and subnet id.

Recommendations For Ip Reg version 0.3, consider restricting access to the vulnerable API endpoints "vlanview.php", "vlanedit.php", "vlandel.php", "assetclassgroupview.php", and "nodelist.php" until a patch is available. For Ip Reg version 0.4, restrict access to the "vlanview.php" and "vlandel.php" endpoints as a temporary workaround. Avoid using the parameters vlan id, assetclassgroup id, and subnet id in the affected API endpoints until the issue is resolved.