CVE-2008-6641

Name of the Vulnerable Software and Affected Versions Shader TV (Beta) (affected versions not specified)

Description The issue allows remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to API endpoints such as "kanal.asp", "google.asp", and "hakk.asp" in the "yonet/" directory. Additionally, remote attackers can execute arbitrary SQL commands via the username or password fields to the "yonet/default.asp" endpoint.

Recommendations For Shader TV (Beta), as a temporary workaround, consider restricting access to the "yonet/" directory and its contents, such as "kanal.asp", "google.asp", "hakk.asp", and "default.asp", to minimize the risk of exploitation. Avoid using the sid parameter in the affected API endpoints until the issue is resolved. Also, restrict the use of the username and password fields in the "yonet/default.asp" endpoint to prevent arbitrary SQL command execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.