CVE-2007-0112

Name of the Vulnerable Software and Affected Versions cats.asp (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands via the catid parameter in the createauction function. This can be done by exploiting the SQL injection vulnerability in the cats.asp file.

Recommendations For cats.asp, consider restricting access to the createauction function until a patch is available. As a temporary workaround, avoid using the catid parameter in the affected API endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.