CVE-2008-5638

Name of the Vulnerable Software and Affected Versions Active Price Comparison 4

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the ProductID parameter to "reviews.aspx" or the linkid parameter to "links.asp".

Recommendations For Active Price Comparison 4, consider restricting access to the "reviews.aspx" and "links.asp" pages until a patch is available. As a temporary workaround, avoid using the ProductID and linkid parameters in the affected API endpoints until the issue is resolved.