Tekbase · Tekbase All-In-One · CVE-2009-2120
**Name of the Vulnerable Software and Affected Versions**
TekBase All-in-One version 3.1
**Description**
The issue is SQL injection: remote authenticated users can execute arbitrary SQL commands via the `ids` parameter to "admin.php" and the `y` parameter to "members.php". One of the vectors requires administrative access.
**Recommendations**
For version 3.1, consider restricting access to the "admin.php" and "members.php" scripts until a patch is available. As a temporary workaround, avoid using the `ids` and `y` parameters in requests to the affected scripts.