CVE-2008-2181

Name of the Vulnerable Software and Affected Versions cpLinks version 1.03

Description The issue allows remote attackers to inject arbitrary web script or HTML via the search text and search category parameters in the "search.php" file. This reportedly occurs in a forced SQL error message.

Recommendations For cpLinks version 1.03, consider restricting the input for the search text and search category parameters to prevent arbitrary web script or HTML injection until a patch is available. As a temporary workaround, avoid using the search text and search category parameters in the affected "search.php" file.