CVE-2009-0447

Name of the Vulnerable Software and Affected Versions MyDesign Sayac version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the user parameter (also known as the UserName field) or the pass parameter (also known as the Pass field) to specific API endpoints, such as (a) admin/admin.asp or (b) the default URI under admin/.

Recommendations For MyDesign Sayac version 2.0, consider restricting access to the admin/admin.asp and default URI under admin/ endpoints to minimize the risk of exploitation. Avoid using the user and pass parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.