PT-2009-1710 · Unknown · Simple Document Management System

Published: 2009-02-21 · Updated: 2017-08-17 · CVE-2008-6236

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions:
Simple Document Management System (SDMS) versions 1.1.4 through 1.1.5
Simple Document Management System (SDMS) versions prior to 1.1.4
Description: The issue allows remote attackers to execute arbitrary SQL commands via the login parameter in the login.php file. This can be exploited by sending malicious input to the login endpoint.
Recommendations: For Simple Document Management System (SDMS) versions 1.1.4 through 1.1.5, consider restricting access to the login.php file until a fix is available. For Simple Document Management System (SDMS) versions prior to 1.1.4, consider upgrading to a version that is known to be secure, or restricting access to the login.php file. As a temporary workaround, consider validating and sanitizing the login parameter to prevent malicious input.

Exploit

Fix

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2008-6236

Affected Products

Simple Document Management System