CVE-2008-3129

Name of the Vulnerable Software and Affected Versions: Catviz version 0.4 beta 1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the foreign key value parameter in the news page and the webpage parameter in the webpage multi edit form.

Recommendations: For Catviz version 0.4 beta 1, consider restricting access to the foreign key value and webpage parameters in the respective forms until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints. At the moment, there is no information about a newer version that contains a fix for this vulnerability.