PT-2009-1640 · Cspartner · Cspartner

Staker · Published 2009-02-19 · Updated 2017-09-29 · CVE-2008-6165

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

CSPartner version 0.1

Description

The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the pseudo and passe parameters in the gestion.php file when magic_quotes_gpc is disabled.

Recommendations

For CSPartner version 0.1, consider disabling the magic_quotes_gpc option or restricting access to the gestion.php file until a patch is available. As a temporary workaround, avoid using the pseudo and passe parameters in the affected API endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related identifiers

CVE-2008-6165

Affected products

Cspartner