Dzoic · Dzoic Handshakes · CVE-2008-2781
**Name of the Vulnerable Software and Affected Versions**
DZOIC Handshakes version 3.5
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `fname` parameter in a "members search" action, specifically targeting the index.php file.
**Recommendations**
For DZOIC Handshakes version 3.5, consider restricting access to the `fname` parameter in the "members search" action until a patch is available. As a temporary workaround, avoid using the `fname` parameter in the affected API endpoint until the issue is resolved.