CVE-2008-2492

Name of the Vulnerable Software and Affected Versions: Campus Bulletin Board version 3.4

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the id parameter to the "post3/view.asp" endpoint and the review parameter to the "post3/book.asp" endpoint.

Recommendations: For Campus Bulletin Board version 3.4, consider restricting access to the post3/view.asp and post3/book.asp endpoints until a patch is available. As a temporary workaround, avoid using the id and review parameters in these endpoints to minimize the risk of exploitation.