CVE-2008-7097

Name of the Vulnerable Software and Affected Versions Qsoft K-Rate Premium (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several variables, including the $id variable in admin/includes/dele cpac.php, the $ord[order id] variable in payments/payment received.php, and the $id variable in includes/functions.php. Additionally, unspecified variables in modules/chat.php are vulnerable. Exploitation can occur through various parameters, such as the show parameter in an online action to index.php, PATH INFO to the room/ and blog/ handlers, and the id parameter in a blog edit action to index.php. The image parameter in a vote action to index.php is also a vector for exploitation.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.