CVE-2008-2678

Name of the Vulnerable Software and Affected Versions Telephone Directory 2008

Description The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. This can be achieved via the code parameter in a confirm data action to "edit1.php" and the id parameter to "view more.php", but only when magic quotes gpc is disabled.

Recommendations For Telephone Directory 2008, consider disabling the magic quotes gpc option to prevent SQL injection attacks. As a temporary workaround, restrict access to the "edit1.php" and "view more.php" scripts until a patch is available. Avoid using the code and id parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.