CVE-2008-2023

Name of the Vulnerable Software and Affected Versions PD9 Software MegaBBS version 2.2

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the invisible and timeoffset parameters to the "profile/controlpanel.asp" endpoint and the attachmentid parameter to the "forums/attach-file.asp" endpoint.

Recommendations For PD9 Software MegaBBS version 2.2, consider restricting access to the profile/controlpanel.asp and forums/attach-file.asp endpoints until a patch is available. As a temporary workaround, avoid using the invisible, timeoffset, and attachmentid parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.