Rtg · Rtg · CVE-2012-3881
**Name of the Vulnerable Software and Affected Versions**
RTG version 0.7.4
RTG2 version 0.9.2
**Description**
The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved by exploiting SQL injection vulnerabilities via unspecified parameters to API endpoints such as "95.php", "view.php", or "rtg.php".
**Recommendations**
For RTG version 0.7.4, avoid using the parameters in the affected API endpoints until the issue is resolved.
For RTG2 version 0.9.2, restrict access to the vulnerable API endpoints "95.php", "view.php", and "rtg.php" to minimize the risk of exploitation.