Nafsh

Researcher from Cyberwh.org
#35442 of 53,625
7.5 Total CVSS
Vulnerabilities · 1
PT-2012-2177
7.5
2012-09-23
Dedecms · Dedecms · CVE-2011-5200
**Name of the Vulnerable Software and Affected Versions**

DeDeCMS version 5.6

**Description**

The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved by manipulating the `id` parameter in the following API endpoints: `list.php`, `members.php`, or `book.php`.

**Recommendations**

For DeDeCMS version 5.6, as a temporary workaround, consider restricting access to the `id` parameter in the affected API endpoints until a patch is available. Avoid using the `id` parameter in the `list.php`, `members.php`, and `book.php` endpoints to minimize the risk of exploitation.