PT-2004-3559 · Unknown · Land Down Under
Published: 2004-12-31 · Updated: 2017-07-29 · CVE-2004-2669
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Land Down Under (LDU) version v701
Description
The issue allows remote attackers to execute arbitrary SQL commands or obtain the installation path. This can be achieved through multiple parameters in different PHP files, including s, w, and d in "users.php", id in "comments.php", rusername in "auth.php", or h in "plug.php".
Recommendations
For Land Down Under (LDU) version v701, consider restricting access to the vulnerable parameters s, w, d, id, rusername, and h in their respective PHP files until a patch is available. As a temporary workaround, disabling the execution of arbitrary SQL commands in these parameters can help minimize the risk of exploitation.
Fix
Related identifiers
Affected products
Land Down Under