CVE-2007-4808

Name of the Vulnerable Software and Affected Versions: TLM CMS versions 1.1 through 3.2

Description: The issue allows remote attackers to execute arbitrary SQL commands via several parameters, including id in news.php, idnews in goodies.php, id in file.php, ID in affichage.php, id sal in mod forum/afficher.php, and id sujet in mod forum/messages.php. The goodies.php and affichage.php scripts can also be reached through index.php.

Recommendations: For TLM CMS versions 1.1 through 3.2, consider disabling the affected parameters, such as id, idnews, ID, id sal, and id sujet, in their respective scripts until a patch is available. Restrict access to the vulnerable scripts, including news.php, goodies.php, file.php, affichage.php, mod forum/afficher.php, and mod forum/messages.php, to minimize the risk of exploitation.