CVE-2009-1584

Name of the Vulnerable Software and Affected Versions: TemaTres versions 1.0.3 through 1.031

Description: The issue allows remote attackers or remote authenticated users to execute arbitrary SQL commands. This is possible via several parameters in different PHP files, including mail, password, and letra parameters to "index.php", y and m parameters to "sobre.php", and dcTema, madsTema, zthesTema, skosTema, and xtmTema parameters to "xml.php". The exploitation is possible when magic quotes gpc is disabled.

Recommendations: For TemaTres versions 1.0.3 through 1.031, consider disabling the execution of SQL commands via the mentioned parameters as a temporary workaround until a patch is available. Restrict access to the index.php, sobre.php, and xml.php files to minimize the risk of exploitation. Avoid using the mail, password, letra, y, m, dcTema, madsTema, zthesTema, skosTema, and xtmTema parameters in the affected API endpoints until the issue is resolved.