PT-2007-5693 · Ripe · Ripe Website Manager

Arun Kethipelly +1 · Published 2007-08-25 · Updated 2018-10-15 · CVE-2007-4522

CVSS v2.0: 6.0 Medium

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Ripe Website Manager versions 0.8.9 and earlier

Description

The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved through various API endpoints and parameters, including: the id parameter to "pages/delete page.php", "navigation/delete menu.php", and "navigation/delete item.php" in the "admin/" directory; the menu id, name, page id, and url parameters in "admin/navigation/do new item.php"; the new menuname parameter in "admin/navigation/do new nav.php"; and the area1, name, and url parameters to "admin/pages/do new page.php". Some vectors might also be reachable through the url and name parameters to "admin/navigation/new nav item.php".

Recommendations

For Ripe Website Manager versions 0.8.9 and earlier, consider disabling access to the specified API endpoints, such as "pages/delete page.php", "navigation/delete menu.php", "navigation/delete item.php", "admin/navigation/do new item.php", "admin/navigation/do new nav.php", and "admin/pages/do new page.php", until a patch is available. Restrict the use of vulnerable parameters, including id, menu id, name, page id, url, new menuname, and area1, in the affected endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.


Related Identifiers

CVE-2007-4522

Affected Products

Ripe Website Manager