CVE-2006-0602

Name of the Vulnerable Software and Affected Versions Hinton Design phphg Guestbook version 1.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the username parameter to "check.php" or the id parameter to several admin endpoints, including "admin/edit smilie.php", "admin/add theme.php", "admin/ban ip.php", "admin/add lang.php", or "admin/edit filter.php".

Recommendations For Hinton Design phphg Guestbook version 1.2, consider restricting access to the mentioned admin endpoints and validating user input for the username and id parameters to prevent SQL injection attacks. As a temporary workaround, avoid using the username parameter in "check.php" and the id parameter in the affected admin endpoints until a patch is available.