CVE-2006-4960

Name of the Vulnerable Software and Affected Versions Php Blue Dragon versions 2.9.1 and earlier

Description A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the m parameter. This parameter is reflected in an error message resulting from a failed SQL query.

Recommendations For versions 2.9.1 and earlier, as a temporary workaround, consider validating and sanitizing the m parameter to prevent injection of malicious scripts. Restrict access to the index.php file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.