PT-2008-4016 · 427Bb · 427Bb

Published: 2008-06-06 · Updated: 2017-09-29 · CVE-2008-2561

CVSS v2.0: 4.3 (Medium)

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

427BB version 2.3.1

Description

The issue allows remote attackers to inject arbitrary web script or HTML (cross-site scripting). It can be triggered via the PATH_INFO of certain PHP files, including "register.php", "reminder.php", and "search.php". Specific parameters are also vulnerable: uname, email, and email2 in "register.php", email in "reminder.php", and keywords in "search.php".

Recommendations

For version 2.3.1, consider disabling the affected PHP files ("register.php", "reminder.php", and "search.php") or restricting access to them until a patch is available. As a temporary workaround, avoid using the vulnerable parameters uname, email, email2, and keywords in the respective scripts until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

XSS

Weakness Enumeration

Related Identifiers

CVE-2008-2561

Affected Products

427Bb