CVE-2007-6058

Name of the Vulnerable Software and Affected Versions ProfileCMS versions 1.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in various actions across different modules, including (1) codes action in the profile-codes module, (2) videos action in the video-codes module, or (3) games action in the arcade-games module.

Recommendations For ProfileCMS versions 1.0 and earlier, as a temporary workaround, consider restricting access to the id parameter in the mentioned modules until a patch is available. Avoid using the id parameter in the affected API endpoints, such as those related to the profile-codes, video-codes, and arcade-games modules, until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.