CVE-2008-0129

Name of the Vulnerable Software and Affected Versions Site@School versions 2.3.10 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the album name parameter in the /starnet/addons/slideshow full.php endpoint.

Recommendations For Site@School versions 2.3.10 and earlier, update to a version later than 2.3.10 to resolve the issue. As a temporary workaround, consider restricting access to the /starnet/addons/slideshow full.php endpoint to minimize the risk of exploitation. Avoid using the album name parameter in the affected endpoint until the issue is resolved.