CVE-2008-2770

Name of the Vulnerable Software and Affected Versions MycroCMS version 0.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the index.php file when magic quotes gpc is disabled. The vulnerability can be exploited via the entry id parameter in the API endpoint "/index.php".

Recommendations For MycroCMS version 0.5, consider disabling the entry id parameter in the index.php file until a patch is available, or enable magic quotes gpc to prevent SQL injection attacks.