CVE-2008-5877

Name of the Vulnerable Software and Affected Versions Phpclanwebsite versions 1.23.3 Fix Pack 5 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This can be achieved via various parameters, including the page parameter to "index.php", form id parameter to "pcw/processforms.php", pcwlogin and pcw pass parameters to "pcw/setlogin.php", searchvalue parameter to "pcw/downloads.php", and the searchvalue and whichfield parameters to "pcw/downloads.php". These vulnerabilities are exploitable when magic quotes gpc is disabled.

Recommendations For Phpclanwebsite versions 1.23.3 Fix Pack 5 and earlier, consider disabling the affected parameters, such as page, form id, pcwlogin, pcw pass, searchvalue, and whichfield, until a patch is available. Additionally, enabling magic quotes gpc may help mitigate the risk of exploitation. However, the most effective solution would be to update to a version where these vulnerabilities are fixed, once such a version is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.