Tinx · Tinx/Cms · CVE-2009-0825
**Name of the Vulnerable Software and Affected Versions**
TinX/cms versions 3.x before 3.5.1
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `id` parameter in the system/rss.php file.
**Recommendations**
For versions prior to 3.5.1, update to version 3.5.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the system/rss.php file until a patch is applied. Avoid using the `id` parameter in the affected file until the issue is resolved.