CVE-2009-4749

Name of the Vulnerable Software and Affected Versions PHP Live! versions 3.2.1 through 3.2.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the x parameter to specific API endpoints, including "message box.php" and "request.php".

Recommendations For versions 3.2.1 and 3.2.2, consider restricting access to the "message box.php" and "request.php" endpoints until a fix is available. As a temporary workaround, avoid using the x parameter in these endpoints to minimize the risk of exploitation.