CVE-2008-6419

Name of the Vulnerable Software and Affected Versions: Social Site Generator versions 2.0

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in three parameters: sgc id in the "display blog.php" endpoint, scm mem id in the "social my profile download.php" endpoint, and catid in the "social forum subcategories.php" endpoint.

Recommendations: For Social Site Generator version 2.0, as a temporary workaround, consider restricting access to the display blog.php, social my profile download.php, and social forum subcategories.php endpoints until a patch is available. Avoid using the sgc id, scm mem id, and catid parameters in these endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.