CVE-2008-6805

Name of the Vulnerable Software and Affected Versions: Mic Blog version 0.0.3

Description: The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This can occur when the magic quotes gpc setting is disabled, specifically through the cat parameter to "category.php", the user parameter to "login.php", and the site parameter to "register.php".

Recommendations: For Mic Blog version 0.0.3, consider disabling the category.php, login.php, and register.php scripts until a patch is available, or ensure that the magic quotes gpc setting is enabled to mitigate the risk of SQL injection attacks. Additionally, restrict access to the cat, user, and site parameters in their respective scripts to minimize the risk of exploitation.