PT-2007-6931 · Toko Instan · Toko Instan

K1Tk4T · Published 2007-11-15 · Updated 2017-09-29 · CVE-2007-6004

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Toko Instan version 7.6

Description: Multiple SQL injection vulnerabilities in the index.php file allow remote attackers to execute arbitrary SQL commands via either of two parameters: the id parameter in an 'artikel' action or the katid parameter in a 'produk' action.

Recommendations: For Toko Instan version 7.6, consider restricting access to the id and katid parameters in the 'artikel' and 'produk' actions, respectively, until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoint.
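A defender-side check for the two parameter/action pairs named above, added here as an example and not code from the advisory or from Toko Instan: it scans web-server access logs and flags requests to index.php that reach the 'artikel' action with a non-integer id or the 'produk' action with a non-integer katid. It assumes Common Log Format, that the action is selected by a query parameter named "action" (the advisory does not name it), and that both ids are meant to be integers; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Common Log Format; not taken from any real server.
SAMPLE_LOG = """\
203.0.113.5 - - [15/Nov/2007:10:00:01 +0000] "GET /index.php?action=artikel&id=12 HTTP/1.1" 200 4821
203.0.113.5 - - [15/Nov/2007:10:00:03 +0000] "GET /index.php?action=produk&katid=3 HTTP/1.1" 200 3310
198.51.100.9 - - [15/Nov/2007:10:00:07 +0000] "GET /index.php?action=artikel&id=12%27 HTTP/1.1" 500 122
198.51.100.9 - - [15/Nov/2007:10:00:09 +0000] "GET /index.php?action=produk&katid=abc HTTP/1.1" 200 9912
203.0.113.5 - - [15/Nov/2007:10:00:11 +0000] "GET /index.php?action=home HTTP/1.1" 200 1200
"""

# Per the advisory, action 'artikel' reads id and 'produk' reads katid. The parameter that
# selects the action is not named there: "action" and the integer-only rule are assumptions.
ACTION_PARAM = "action"
VULNERABLE_PARAMS = {"artikel": "id", "produk": "katid"}
INTEGER_RE = re.compile(r"^\d+$")
CLF_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def check_request(target):
    """Return (action, param, decoded value) for a vulnerable pair with a non-integer value, else None."""
    parts = urlsplit(target)
    if parts.path.rsplit("/", 1)[-1] != "index.php":
        return None
    qs = parse_qs(parts.query, keep_blank_values=True)  # percent-decodes values
    action = qs.get(ACTION_PARAM, [None])[0]
    param = VULNERABLE_PARAMS.get(action)
    if param is None or param not in qs:
        return None
    value = qs[param][0]
    return None if INTEGER_RE.match(value) else (action, param, value)

def scan_log(text):
    """Return one finding per suspicious request, in log order."""
    findings = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if not m:
            continue  # not a CLF line; skip it
        hit = check_request(m.group("target"))
        if hit:
            action, param, value = hit
            findings.append({"ip": m.group("ip"), "ts": m.group("ts"), "status": int(m.group("status")),
                             "action": action, "param": param, "value": value})
    return findings

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(finding)
```

Percent-encoded values are decoded before the check, so `id=%31` passes as the integer 1 while `id=12%27` is flagged with its decoded value.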


SQL injection

Weakness Enumeration

Related Identifiers

CVE-2007-6004

Affected Products

Toko Instan