CVE-2012-4743

Name of the Vulnerable Software and Affected Versions Siche search module version 0.5 for Zeroboard

Description The issue concerns SQL injection vulnerabilities in the ssearch.php file of the Siche search module. Remote attackers can execute arbitrary SQL commands by manipulating certain parameters. The vulnerable parameters include ss, sm, align, and category.

Recommendations For Siche search module version 0.5, consider restricting access to the ssearch.php file until a patch is available, and avoid using the ss, sm, align, and category parameters in the affected API endpoint. At the moment, there is no information about a newer version that contains a fix for this issue.