CVE-2006-3054

Name of the Vulnerable Software and Affected Versions VBZooM version 1.11

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the sobjectID or MAINID parameters to the "show.php" endpoint, or the MainID parameter to the "subject.php" endpoint.

Recommendations For VBZooM version 1.11, consider restricting access to the "show.php" and "subject.php" endpoints until a patch is available. As a temporary workaround, avoid using the sobjectID, MAINID, and MainID parameters in these endpoints to minimize the risk of exploitation.