CVE-2006-0668

Name of the Vulnerable Software and Affected Versions PwsPHP version 1.2.3

Description The issue allows remote attackers to execute arbitrary SQL commands, possibly via the id parameter in message.php within the espace membre module. This is facilitated through an SQL injection vulnerability in index.php.

Recommendations For PwsPHP version 1.2.3, consider restricting access to the id parameter in the affected module to minimize the risk of exploitation. Avoid using the id parameter in the vulnerable index.php file until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.