Saphplesson · Saphplesson · CVE-2006-2279
**Name of the Vulnerable Software and Affected Versions**
SaphpLesson version 3.0
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the `Find` parameter in the "search.php" API endpoint, and the `LID` and `Rate` parameters in the "misc.php" API endpoint.
**Recommendations**
For SaphpLesson version 3.0, consider restricting access to the "search.php" and "misc.php" API endpoints until a patch is available. As a temporary workaround, avoid using the `Find`, `LID`, and `Rate` parameters in these endpoints to minimize the risk of exploitation.