CVE-2008-2448

Name of the Vulnerable Software and Affected Versions: Meto Forum version 1.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in various parameters, including the id parameter to "admin/duzenle.asp" and "admin oku.asp", the kid parameter to "kategori.asp" and "admin kategori.asp", and unspecified parameters to "uye.asp" and "oku.asp".

Recommendations: For Meto Forum version 1.1, consider restricting access to the affected API endpoints "admin/duzenle.asp", "admin oku.asp", "kategori.asp", "admin kategori.asp", "uye.asp", and "oku.asp" until a patch is available. As a temporary workaround, avoid using the id and kid parameters in the respective affected endpoints.