CVE-2009-0332

Name of the Vulnerable Software and Affected Versions AV Book Library versions prior to 1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in unspecified parameters to various components, including API endpoints such as "admin/edit.php", "admin/add.php", and "lib/book search.php".

Recommendations For AV Book Library versions prior to 1.1, update to version 1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "admin/edit.php", "admin/add.php", and "lib/book search.php", until a patch is available. Avoid using unspecified parameters in these endpoints until the issue is resolved.