CVE-2006-2062

Name of the Vulnerable Software and Affected Versions Leadhound Full and LITE version 2.1 Leadhound Network Version "Full Version"

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via various parameters in different files, including the banner parameter in "agent links.pl", the offset parameter in "agent links.pl", "agent transactions.pl", "agent subaffiliates.pl", and "agent summary.pl", the camp id parameter in "agent transactions csv.pl", "agent subaffiliates.pl", and "agent camp det.pl", the login parameter in "agent commission statement.pl", the logged parameter in "agent commission statement.pl" and "agent camp det.pl", the agent id parameter in "agent commission statement.pl", and the sub parameter in unspecified files.

Recommendations For Leadhound Full and LITE version 2.1, restrict access to the vulnerable parameters, such as banner, offset, camp id, login, logged, agent id, and sub, in the respective files until a patch is available. For Leadhound Network Version "Full Version", consider disabling the execution of SQL commands from the specified parameters in the mentioned files as a temporary workaround. At the moment, there is no information about a newer version that contains a fix for this vulnerability.