CVE-2008-3598

Name of the Vulnerable Software and Affected Versions psipuss version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via two parameters: the Cid parameter to the "categories.php" endpoint or the Username parameter to the "login.php" endpoint.

Recommendations For psipuss version 1.0, consider restricting access to the "categories.php" and "login.php" endpoints until a patch is available. As a temporary workaround, avoid using the Cid and Username parameters in these endpoints to minimize the risk of exploitation.