Adult Php Tube Script · Tube Ace · CVE-2012-1029
**Name of the Vulnerable Software and Affected Versions**
Tube Ace (Adult PHP Tube Script) version 1.6
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `q` parameter in the "mobile/search/index.php" endpoint.
**Recommendations**
For Tube Ace (Adult PHP Tube Script) version 1.6, avoid using the `q` parameter in the "mobile/search/index.php" endpoint until the issue is resolved. As a temporary workaround, consider restricting access to the "mobile/search/index.php" endpoint to minimize the risk of exploitation.