Phpwebnews · Phpwebnews · CVE-2008-6812
Name of the Vulnerable Software and Affected Versions:
phpWebNews version 0.2 MySQL Edition
Description:
The issue allows remote attackers to execute arbitrary SQL commands via the `det` parameter of the `bukutamu.php` file.
Recommendations:
For phpWebNews version 0.2 MySQL Edition, consider restricting access to the `bukutamu.php` file until a patch is available. As a temporary workaround, avoid using the `det` parameter of the affected `bukutamu.php` script.
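
To support the recommendation above, web server access logs can be reviewed for requests to `bukutamu.php` whose `det` value is not a plain integer. This is an added example, not code from phpWebNews or from this advisory. It assumes combined-format access logs and that `det` normally carries a numeric record id; the function names and sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a combined-format access log entry: "METHOD target HTTP/x"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
TARGET_SCRIPT = "bukutamu.php"   # script named in the advisory
PARAM = "det"                    # parameter named in the advisory


def suspicious_det_values(log_line):
    """Return the decoded det values in this log line that are not plain integers.

    Assumption (not stated on the page): det is a numeric record id, so any
    value containing something other than ASCII digits deserves review.
    """
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/" + TARGET_SCRIPT):
        return []
    # keep_blank_values so "det=" is seen; parse_qs already percent-decodes once
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM, [])
    flagged = []
    for value in values:
        decoded = unquote(value)          # second pass catches double encoding
        if not re.fullmatch(r"[0-9]{1,10}", decoded):
            flagged.append(decoded)
    return flagged


def review(log_lines):
    """Return (line_number, flagged_values) for every line that needs a look."""
    scanned = ((n, suspicious_det_values(l)) for n, l in enumerate(log_lines, 1))
    return [(n, flagged) for n, flagged in scanned if flagged]


# Constructed sample entries (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [01/Jan/2009:10:00:00 +0000] "GET /news/bukutamu.php?det=12 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2009:10:00:07 +0000] "GET /news/bukutamu.php?det=12%27 HTTP/1.1" 200 311',
    '203.0.113.9 - - [01/Jan/2009:10:00:09 +0000] "GET /news/bukutamu.php?det=1%2520OR%25201%253D1 HTTP/1.1" 200 9870',
    '198.51.100.2 - - [01/Jan/2009:10:01:00 +0000] "GET /news/index.php?det=abc HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    for number, values in review(SAMPLE_LOG):
        print(f"line {number}: det={values}")
```

Only GET query strings are visible in access logs, so `det` values sent in a POST body need a separate source such as application or WAF logging.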