CVE-2008-4757

Name of the Vulnerable Software and Affected Versions PHP-Daily (affected versions not specified)

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is achieved through the id parameter in scripts such as add postit.php, delete.php, and mod prest date.php, and the prev parameter in prest detail.php. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations For PHP-Daily, consider restricting access to the add postit.php, delete.php, mod prest date.php, and prest detail.php scripts until a fix is available. As a temporary workaround, avoid using the id and prev parameters in the affected scripts. At the moment, there is no information about a newer version that contains a fix for this vulnerability.