Xpoze · Xpoze Pro · CVE-2008-3089
Name of the Vulnerable Software and Affected Versions:
Xpoze Pro version 3.06
Description:
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the `uid` parameter in the user.html file.
Recommendations:
For Xpoze Pro version 3.06, avoid using the `uid` parameter in the user.html file until the issue is resolved. As a temporary workaround, consider restricting access to the user.html file to minimize the risk of exploitation.