PT-2006-5392 · Php · Php-Revista
Sirdarckcat · Published 2006-09-07 · Updated 2018-10-17 · CVE-2006-4606
CVSS v2.0: 7.5 (High) · Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: php-Revista version 1.1.2
Description: The issue allows remote attackers to execute arbitrary SQL commands via several parameters in different PHP files: the id_temas parameter in busqueda_tema.php, the cadena parameter in busqueda.php, the id_autor parameter in autor.php, the email parameter in lista.php, and the id_articulo parameter in articulo.php.
Recommendations: For php-Revista version 1.1.2, validate and sanitize user input for the id_temas, cadena, id_autor, email, and id_articulo parameters to prevent SQL injection. As a temporary workaround, restrict access to the affected PHP files until a patch is available.
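The validation and parameterization the recommendation calls for, as an added example that is not php-Revista's own code: the id_* parameters are constrained to positive integers, cadena and email to bounded well-formed strings, and the values are bound through PDO prepared statements instead of being spliced into SQL text. Table and column names ("articulos", "titulo") and the function names are assumptions.

```php
<?php
// Added example, not code from php-Revista. Validates the parameters named
// in the advisory and queries with bound values. Table/column names assumed.

// Returns the validated value, or null when the input is rejected.
function validate_param(string $name, $value)
{
    switch ($name) {
        case 'id_temas':
        case 'id_autor':
        case 'id_articulo':
            // Identifiers must be positive integers; anything else is refused.
            $v = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            return $v === false ? null : $v;
        case 'email':
            $v = filter_var($value, FILTER_VALIDATE_EMAIL);
            return $v === false ? null : $v;
        case 'cadena':
            // Search string: non-empty and bounded in length.
            $v = trim((string) $value);
            return ($v === '' || strlen($v) > 200) ? null : $v;
        default:
            return null;
    }
}

// articulo.php-style lookup: the id is validated, then bound as an integer.
function fetch_articulo(PDO $db, $raw_id): ?array
{
    $id = validate_param('id_articulo', $raw_id);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT * FROM articulos WHERE id_articulo = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// busqueda.php-style search: the string is bound, and LIKE wildcards in the
// input are escaped with '!' so user text cannot widen the pattern.
function buscar(PDO $db, $raw_cadena): array
{
    $cadena = validate_param('cadena', $raw_cadena);
    if ($cadena === null) {
        return [];
    }
    $needle = '%' . strtr($cadena, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare("SELECT * FROM articulos WHERE titulo LIKE :q ESCAPE '!'");
    $stmt->bindValue(':q', $needle, PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
```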

