CVE-2007-0971

Name of the Vulnerable Software and Affected Versions: Jupiter CMS version 1.1.5

Description: The issue allows remote attackers to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers. This is done by setting the ip variable used in SQL queries performed by index.php and other PHP scripts. The attack vector might involve SERVER.

Recommendations: For Jupiter CMS version 1.1.5, consider validating and sanitizing all input data, including HTTP headers, to prevent SQL injection attacks. As a temporary workaround, restrict access to index.php and other affected PHP scripts until a patch is available. Avoid using the ip variable in SQL queries until the issue is resolved.