PT-2006-6009 · Xeobook · Xeobook

Tamriel · Published 2006-10-13 · Updated 2018-10-17 · CVE-2006-5287

CVSS v2.0: 5.1 (Medium)
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Xeobook version 0.93
Description: Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands. The script places the User-Agent HTTP header and the gb_entry_text, gb_location, gb_fullname and gb_sex parameters into its database queries without escaping or parameterizing them, so a single quote in any of those values changes the structure of the query.
Recommendations: Xeobook 0.93 should pass the User-Agent header and the gb_entry_text, gb_location, gb_fullname and gb_sex parameters to the database only through parameterized (prepared) statements, or at minimum escape each value with the database driver's escaping function before building the query. Note that request headers such as User-Agent are as attacker-controlled as form fields and must be treated the same way; input filtering that covers only POST parameters leaves the header vector open. As a temporary workaround, restrict access to the sign.php file until a patch is available.
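The following is an added example and is not Xeobook's code or part of this advisory. It models a guestbook "sign" handler that stores the four form fields and the User-Agent header, first with the string-built INSERT that produces this class of bug and then with the parameterized INSERT that fixes it. The schema, the `admin` table and its password, the form values and the two payloads are all constructed for the demonstration; the database is an in-memory SQLite instance, so the header payload uses SQLite's `||` concatenation where a MySQL attacker would use CONCAT().

```python
"""Added example (not Xeobook's code): a minimal model of a guestbook
'sign' handler that records four form fields plus the User-Agent header.
sign_vulnerable() builds the INSERT by string formatting, the bug class in
CVE-2006-5287; sign_safe() binds the same values as query parameters.
The schema, admin row, form values and payloads are all constructed."""
import sqlite3

# Constructed schema: the guestbook table plus a second table holding a
# secret that an injected subquery can copy into a publicly displayed row.
SCHEMA = """
CREATE TABLE guestbook (
    id INTEGER PRIMARY KEY,
    fullname TEXT, sex TEXT, location TEXT, entry_text TEXT, user_agent TEXT
);
CREATE TABLE admin (username TEXT, password TEXT);
INSERT INTO admin VALUES ('admin', 's3cret');
"""

# Constructed benign submission; parameter names follow the advisory.
FORM = {
    "gb_fullname": "Alice",
    "gb_sex": "f",
    "gb_location": "Tamriel",
    "gb_entry_text": "hello",
}


def new_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def sign_vulnerable(conn, params, headers):
    """Vulnerable pattern: every request value is spliced into the SQL text,
    so a single quote in any of them changes the query's structure."""
    sql = (
        "INSERT INTO guestbook (fullname, sex, location, entry_text, user_agent) "
        "VALUES ('%s', '%s', '%s', '%s', '%s')"
        % (params["gb_fullname"], params["gb_sex"], params["gb_location"],
           params["gb_entry_text"], headers.get("User-Agent", ""))
    )
    conn.execute(sql)
    conn.commit()


def sign_safe(conn, params, headers):
    """Fix: the same values travel as bound parameters, so the database never
    parses them as SQL. The User-Agent header gets exactly the same treatment
    as the form fields; it is attacker-controlled too."""
    conn.execute(
        "INSERT INTO guestbook (fullname, sex, location, entry_text, user_agent) "
        "VALUES (?, ?, ?, ?, ?)",
        (params["gb_fullname"], params["gb_sex"], params["gb_location"],
         params["gb_entry_text"], headers.get("User-Agent", "")),
    )
    conn.commit()


def last_entry(conn):
    """(entry_text, user_agent) of the newest row, i.e. what the page renders."""
    return conn.execute(
        "SELECT entry_text, user_agent FROM guestbook ORDER BY id DESC LIMIT 1"
    ).fetchone()


# Constructed payloads. Both close the string literal and substitute a
# subquery for the value, so the admin password lands in the guestbook.
# Header payload: SQLite '||' concatenation (MySQL: CONCAT()).
UA_PAYLOAD = "x'||(SELECT password FROM admin)||'"
# Parameter payload: supplies the last column itself and comments out the
# real user_agent literal that follows it in the built query text.
TEXT_PAYLOAD = "x', (SELECT password FROM admin)) -- "


def demo():
    """Run both payloads through both handlers; return what got stored."""
    results = {}
    for name, handler in (("vulnerable", sign_vulnerable), ("safe", sign_safe)):
        conn = new_db()
        handler(conn, FORM, {"User-Agent": UA_PAYLOAD})
        results[name + "_ua"] = last_entry(conn)[1]
        handler(conn, dict(FORM, gb_entry_text=TEXT_PAYLOAD),
                {"User-Agent": "Mozilla/5.0"})
        results[name + "_text"] = last_entry(conn)
        conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

Running `demo()` shows the vulnerable handler storing `xs3cret` as the User-Agent and `s3cret` as the User-Agent of the second row (the secret now sits in a publicly displayed guestbook entry), while the safe handler stores both payloads verbatim as inert text. The same parameterization applies in the PHP/MySQL setting of the original software via prepared statements; escaping each value with the driver's escaping function is the weaker fallback.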

Related Identifiers

CVE-2006-5287

Affected Products

Xeobook