CVE-2008-4072

Name of the Vulnerable Software and Affected Versions phsBlog version 0.2

Description The issue concerns SQL injection vulnerabilities in the index.php file of phsBlog. Remote attackers can execute arbitrary SQL commands via the sid parameter in a pickup action or the sql cid parameter.

Recommendations For phsBlog version 0.2, consider restricting access to the sid and sql cid parameters in the index.php file to minimize the risk of exploitation. As a temporary workaround, avoid using these parameters in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.