Mr.Saphp · Mr.Saphp Arabic Script Mobile · CVE-2009-2394
**Name of the Vulnerable Software and Affected Versions**
SMSPages version 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) version 2.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `CatID` parameter in the "cat.php" file.
**Recommendations**
For SMSPages version 1.0 in Mr.Saphp Arabic Script Mobile (aka Messages Library) version 2.0, avoid using the `CatID` parameter in the "cat.php" file until the issue is resolved. Restrict access to the "cat.php" file to minimize the risk of exploitation.