CVE-2008-6614

Name of the Vulnerable Software and Affected Versions Implied By Design (IBD) Micro CMS version 3.5 (aka 0.3.5)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the administrators username parameter (also known as the Username field) or the administrators pass parameter (also known as the Password field) in the microcms-admin-login.php file.

Recommendations For Implied By Design (IBD) Micro CMS version 3.5 (aka 0.3.5), consider restricting access to the microcms-admin-login.php file until a patch is available. As a temporary workaround, avoid using the administrators username and administrators pass parameters in the affected login functionality to minimize the risk of exploitation.