CVE-2008-3251

Name of the Vulnerable Software and Affected Versions: tplSoccerSite version 1.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the opp parameter to "tampereunited/opponent.php", and the id parameter to "index.php", "player.php", "matchdetails.php", or "additionalpage.php" in the "tampereunited/" directory.

Recommendations: For tplSoccerSite version 1.0, as a temporary workaround, consider restricting access to the vulnerable API endpoints, specifically "tampereunited/opponent.php", "index.php", "player.php", "matchdetails.php", and "additionalpage.php", to minimize the risk of exploitation. Avoid using the opp and id parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.