Unknown · The Next Generation Of Genealogy Sitebuilding · CVE-2017-20017
**Name of the Vulnerable Software and Affected Versions**
The Next Generation of Genealogy Sitebuilding versions up to 11.1.0
**Description**
A critical issue has been found in the processing of the file /timeline2.php, where the manipulation of the `primaryID` argument leads to sql injection. The attack can be initiated remotely.
**Recommendations**
For versions up to 11.1.0, upgrade to version 11.1.1 to address this issue. As a temporary workaround, consider restricting access to the /timeline2.php file until the upgrade is applied. Avoid using the `primaryID` argument in the affected file until the issue is resolved.