CVE-2007-1417

Name of the Vulnerable Software and Affected Versions HC NEWSSYSTEM versions 1.0 through 1.0-4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the ID parameter in a komm aktion. The /index.php endpoint is affected.

Recommendations For HC NEWSSYSTEM versions 1.0 through 1.0-4, avoid using the ID parameter in the komm aktion until the issue is resolved. As a temporary workaround, consider restricting access to the /index.php endpoint to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.