CVE-2008-2535

Name of the Vulnerable Software and Affected Versions Phoenix View CMS versions Pre Alpha2 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the del parameter to several API endpoints, including "gbuch.admin.php", "links.admin.php", "menue.admin.php", "news.admin.php", and "todo.admin.php" in the "admin/module/" directory.

Recommendations For Phoenix View CMS versions Pre Alpha2 and earlier, consider restricting access to the vulnerable API endpoints until a fix is available. As a temporary workaround, avoid using the del parameter in the affected endpoints.