CVE-2006-6924

Name of the Vulnerable Software and Affected Versions: bitweaver versions 1.3.1 and earlier

Description: The issue allows remote attackers to obtain sensitive information by forcing a SQL error through specific API endpoints, including "blogs/list blogs.php", "fisheye/index.php", "wiki/orphan pages.php", and "wiki/list pages.php", when a sort mode query string is set to -98.

Recommendations: For bitweaver versions 1.3.1 and earlier, as a temporary workaround, consider restricting access to the affected API endpoints until a patch is available. Avoid using the sort mode parameter with a value of -98 in the affected endpoints to minimize the risk of exploitation.