PT-2008-4708 · Bilboblog

Black_H · Published 2008-07-25 · Updated 2017-09-29

CVE-2008-3302
CVSS v2.0: 6.0 (Medium)
Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: BilboBlog version 0.2.1

Description: The issue allows remote authenticated administrators to execute arbitrary SQL commands via an SQL injection vulnerability in the admin/delete.php file when the PHP magic_quotes_gpc setting is disabled. The injection point is the num parameter.

Recommendations: For BilboBlog version 0.2.1, consider disabling the num parameter in the admin/delete.php file until a patch is available, or ensure that the magic_quotes_gpc setting is enabled to mitigate the risk of SQL injection attacks.

Weakness Enumeration: SQL injection

Related Identifiers: CVE-2008-3302

Affected Products: Bilboblog