CVE-2017-18346

Name of the Vulnerable Software and Affected Versions CMS Web-Gooroo versions prior to 2013-01-19

Description The issue allows remote attackers to execute arbitrary SQL commands via the wbg login parameter in the /wbg/core/ includes/authorization.inc.php file. This enables attackers to inject malicious SQL code, potentially leading to unauthorized data access or modification.

Recommendations For CMS Web-Gooroo versions prior to 2013-01-19, consider restricting access to the /wbg/core/ includes/authorization.inc.php file to minimize the risk of exploitation. As a temporary workaround, avoid using the wbg login parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.