CVE-2007-0484

Name of the Vulnerable Software and Affected Versions Enthusiast version 3.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the cat parameter to API endpoints such as "show owned.php" and "show joined.php", and possibly other files.

Recommendations For Enthusiast version 3.1, as a temporary workaround, consider restricting access to the cat parameter in the affected API endpoints until a patch is available. Avoid using the cat parameter in the "show owned.php" and "show joined.php" files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.