CVE-2008-3556

Name of the Vulnerable Software and Affected Versions Battle.net Clan Script version 1.5.2

Description The issue concerns SQL injection vulnerabilities in the index.php file. Remote attackers can execute arbitrary SQL commands by manipulating the showmember parameter in a members action and the thread parameter in a board action.

Recommendations For Battle.net Clan Script version 1.5.2, consider restricting access to the index.php file until a patch is available. As a temporary workaround, avoid using the showmember parameter in members actions and the thread parameter in board actions to minimize the risk of exploitation.