CVE-2008-0451

Name of the Vulnerable Software and Affected Versions PacerCMS version 0.6

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible via the id parameter to /siteadmin/article-edit.php and unspecified parameters to several other PHP files in the siteadmin/ directory, including submitted-edit.php, page-edit.php, section-edit.php, staff-edit.php, and staff-access.php.

Recommendations For PacerCMS version 0.6, consider restricting access to the siteadmin/ directory and its files, specifically /siteadmin/article-edit.php, submitted-edit.php, page-edit.php, section-edit.php, staff-edit.php, and staff-access.php, until a patch is available. Avoid using the id parameter in the affected API endpoint /siteadmin/article-edit.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.