CVE-2009-2120

Name of the Vulnerable Software and Affected Versions TekBase All-in-One version 3.1

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the ids parameter to "admin.php" and the y parameter to "members.php". One of the vectors requires administrative access.

Recommendations For version 3.1, consider restricting access to the "admin.php" and "members.php" scripts until a patch is available. As a temporary workaround, avoid using the ids and y parameters in the affected API endpoints.