CVE-2008-2691

Name of the Vulnerable Software and Affected Versions JiRo's FAQ Manager eXperience version 1.0

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved by manipulating the fID parameter in the "read.asp" file.

Recommendations For JiRo's FAQ Manager eXperience version 1.0, avoid using the fID parameter in the read.asp file until the issue is resolved. As a temporary workaround, consider restricting access to the read.asp file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.