Phil Taylor · Phil Taylor Comments · CVE-2008-0773
**Name of the Vulnerable Software and Affected Versions**
Phil Taylor Comments (com comments, aka Review Script) versions 0.5.8.5g and earlier
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the `id` parameter.
**Recommendations**
For versions 0.5.8.5g and earlier, avoid using the `id` parameter in affected API endpoints until the issue is resolved.