PT-2006-3511 · Alstrasoft · Alstrasoft Article Manager Pro

Luny · Published 2006-05-24 · Updated 2018-10-18 · CVE-2006-2565

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Alstrasoft Article Manager Pro version 1.6

Description

The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the author_id parameter in "profile.php" and the aut_id parameter in "userarticles.php". If the SQL manipulation is invalid, the aut_id vector can also produce resultant path disclosure.

Recommendations

For Alstrasoft Article Manager Pro version 1.6, consider restricting access to the profile.php and userarticles.php scripts until a fix is available. As a temporary workaround, avoid using the author_id and aut_id parameters in the affected scripts.

Fix


Related Identifiers

CVE-2006-2565

Affected Products

Alstrasoft Article Manager Pro