CVE-2008-5774

Name of the Vulnerable Software and Affected Versions ASPSiteWare HomeBuilder versions 1.0 through 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the iType parameter to API endpoints such as "type.asp" and "type2.asp", and the iPro parameter to the "detail.asp" endpoint.

Recommendations For ASPSiteWare HomeBuilder versions 1.0 through 2.0, consider restricting access to the vulnerable API endpoints "type.asp", "type2.asp", and "detail.asp" to minimize the risk of exploitation. Avoid using the iType and iPro parameters in these endpoints until the issue is resolved.