CVE-2009-3313

Name of the Vulnerable Software and Affected Versions FMyClone version 2.3

Description The issue allows remote attackers to execute arbitrary SQL commands via the comp parameter to "index.php" and "editComments.php". Additionally, remote authenticated administrators can execute arbitrary SQL commands via the id parameter in a comment action to "edit.php".

Recommendations For FMyClone version 2.3, consider restricting access to the comp parameter in "index.php" and "editComments.php", and the id parameter in "edit.php" to minimize the risk of exploitation. Avoid using the comp and id parameters in the affected API endpoints until the issue is resolved.