CVE-2005-3877

Name of the Vulnerable Software and Affected Versions Simple Document Management System (SDMS) versions 2.0-CVS and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the folder id parameter in "list.php" and the mid parameter in a view action to "messages.php".

Recommendations For SDMS versions 2.0-CVS and earlier, consider restricting access to the list.php and messages.php files until a patch is available. As a temporary workaround, avoid using the folder id and mid parameters in the affected API endpoints.