CVE-2009-1583

Name of the Vulnerable Software and Affected Versions: TemaTres versions 1.0.3 through 1.031

Description: The issue allows remote attackers to inject arbitrary web script or HTML via several parameters, including the search form, expresion de busqueda, letra, estado id, and tema parameters to index.php, the PATH INFO to index.php, unspecified parameters when editing a term as specified by the edit id and tema parameters to index.php, and the y, ord, and m parameters to sobre.php.

Recommendations: For TemaTres versions 1.0.3 through 1.031, consider disabling the search form and restricting access to the index.php and sobre.php files until a patch is available. Avoid using the expresion de busqueda, letra, estado id, tema, y, ord, and m parameters in the affected API endpoints until the issue is resolved. Restrict access to the edit id and tema parameters when editing a term to minimize the risk of exploitation.