CVE-2008-3588

Name of the Vulnerable Software and Affected Versions phsBlog version 0.1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in three parameters: eid in comments.php, cid in index.php, and urltitle in entries.php.

Recommendations For phsBlog version 0.1.1, consider restricting access to the vulnerable parameters eid, cid, and urltitle in their respective files until a patch is available. Avoid using these parameters in the affected API endpoints comments.php, index.php, and entries.php until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.