CVE-2011-3838

Name of the Vulnerable Software and Affected Versions Wuzly version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the u parameter to "fp.php", the epage parameter to "newpage.php", the epost parameter to "newpost.php", and the username parameter to "login.php" in the "admin/" directory, as well as the username parameter to "mobile/login.php".

Recommendations For Wuzly version 2.0, consider restricting access to the mentioned API endpoints, such as "fp.php", "newpage.php", "newpost.php", and "login.php" in the "admin/" directory, as well as "mobile/login.php", until a patch is available. Avoid using the u, epage, epost, and username parameters in these endpoints to minimize the risk of exploitation.