CVE-2006-1766

Name of the Vulnerable Software and Affected Versions Papoo versions 2.1.5 and 3 beta1 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the getlang and reporeid parameters in "index.php", the menuid parameter in "plugin.php" and "forumthread.php", and the msgid parameter in "forumthread.php".

Recommendations For Papoo versions 2.1.5 and 3 beta1 and earlier, consider restricting access to the getlang, reporeid, menuid, and msgid parameters in the affected API endpoints until a patch is available. As a temporary workaround, consider disabling the execution of SQL commands via these parameters until a fix is released. At the moment, there is no information about a newer version that contains a fix for this vulnerability.