CVE-2007-3814

Name of the Vulnerable Software and Affected Versions: MKPortal version 1.1.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several vectors, including the idurlo field in the delete urlo function in index.php of the urlobox module, the iden field in the update file and del file functions in index.php of the reviews module, the idnews field in the delete news function and the idcomm field in the del comment function in index.php of the news module, the idcomm field in the delete comments function in index.php of the gallery module, the iden field in the edit file, update file, and del file functions in index.php of the gallery module, the ide and cat fields in the slide update function in index.php of the gallery module, and the iden field in the update file and del file functions in index.php of the downloads module.

Recommendations: As a temporary workaround, consider disabling the delete urlo, update file, del file, delete news, del comment, delete comments, edit file, slide update functions until a patch is available. Restrict access to the idurlo, iden, idnews, idcomm, ide, and cat fields in the affected modules to minimize the risk of exploitation. Avoid using these fields in the respective API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.