CVE-2008-7075

Name of the Vulnerable Software and Affected Versions Kalptaru Infotech Ltd. Star Articles version 6.0

Description The issue allows remote attackers to inject arbitrary SQL commands. This can be achieved via several parameters and endpoints, including the subcatid parameter to "article.list.php", the artid parameter to "article.print.php", "article.comments.php", "article.publisher.php", or "article.download.php", and the PATH INFO to "article.download.php".

Recommendations For Kalptaru Infotech Ltd. Star Articles version 6.0, consider restricting access to the vulnerable API endpoints, such as "article.list.php", "article.print.php", "article.comments.php", "article.publisher.php", and "article.download.php", until a patch is available. Avoid using the subcatid and artid parameters in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.