CVE-2006-2128

Name of the Vulnerable Software and Affected Versions Pro Publish version 2.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the email and password parameters to the "admin/login.php" API endpoint, the find str parameter to the "search.php" API endpoint, the artid parameter to the "art.php" API endpoint, or the catid parameter to the "cat.php" API endpoint.

Recommendations For Pro Publish version 2.0, consider restricting access to the "admin/login.php", "search.php", "art.php", and "cat.php" API endpoints until a patch is available. As a temporary workaround, avoid using the email, password, find str, artid, and catid parameters in their respective API endpoints. At the moment, there is no information about a newer version that contains a fix for this issue.