CVE-2008-5088

Name of the Vulnerable Software and Affected Versions PHPKB Knowledge Base Software version 1.5 Professional

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the ID parameter to API endpoints such as "email.php" and "question.php", specifically through the ID parameter.

Recommendations For PHPKB Knowledge Base Software version 1.5 Professional, as a temporary workaround, consider restricting access to the "email.php" and "question.php" API endpoints until a patch is available. Avoid using the ID parameter in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.