CVE-2008-5075

Name of the Vulnerable Software and Affected Versions E-Uploader Pro version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This can be achieved via the id parameter to various API endpoints such as "img.php", "file.php", "mail.php", "thumb.php", "zip.php", and "zipit.php", and the view parameter to "browser.php".

Recommendations For E-Uploader Pro version 1.0, consider disabling the execution of SQL commands from user input until a patch is available. Restrict access to the id parameter in the affected API endpoints and the view parameter in "browser.php" to minimize the risk of exploitation.