CVE-2012-3791

Name of the Vulnerable Software and Affected Versions Simple Web Content Management System version 1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter to several API endpoints, including "item delete.php", "item status.php", "item detail.php", "item modify.php", or "item position.php" in the "admin/" directory, or the status parameter to "admin/item status.php".

Recommendations For Simple Web Content Management System version 1.1, consider restricting access to the vulnerable API endpoints, specifically "item delete.php", "item status.php", "item detail.php", "item modify.php", "item position.php", and "admin/item status.php", until a patch is available. Avoid using the id and status parameters in these endpoints to minimize the risk of exploitation.