CVE-2006-2504

Name of the Vulnerable Software and Affected Versions mono AZBOARD versions 1.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the search and cate parameters to the "list.asp" endpoint, and the id and cate parameters to the "admin ok.asp" endpoint.

Recommendations For mono AZBOARD versions 1.0 and earlier, consider restricting access to the "list.asp" and "admin ok.asp" endpoints until a fix is available. As a temporary workaround, avoid using the search, cate, and id parameters in these endpoints to minimize the risk of exploitation.