PT-2007-4529 · Elxis · Elxis Cms

Nico Leidecker · Published 2007-06-18 · Updated 2018-10-16 · CVE-2007-3250

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Elxis CMS versions prior to 2006.4 20070613
Description: The issue allows remote attackers to execute arbitrary SQL commands via the mb_tracker cookie in the mod_banners.php file. This can lead to unauthorized access and manipulation of database content. The product was patched without updating the version number, so later downloads of version 2006.4 are not affected.
Recommendations: For versions prior to 2006.4 20070613, as a temporary workaround, consider restricting access to the mod_banners.php file until a patched version can be downloaded. Avoid using the mb_tracker cookie in the affected module to minimize the risk of exploitation.


Related Identifiers

CVE-2007-3250

Affected Products

Elxis Cms