CVE-2011-0407

Name of the Vulnerable Software and Affected Versions Phenotype CMS version 3.0

Description The issue allows remote attackers to execute arbitrary SQL commands via a crafted URI. This can be demonstrated by accessing a specific endpoint, such as "Gallery/gal id/1/image1,1.html".

Recommendations For Phenotype CMS version 3.0, consider restricting access to the store function in the phenotype/system/class/PhenoTypeDataObject.class.php file until a patch is available. As a temporary workaround, avoid using crafted URIs that could exploit the SQL injection vulnerability.