CVE-2009-2881

Name of the Vulnerable Software and Affected Versions: Basilic version 1.5.13

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the idAuthor parameter to API endpoints such as "index.php" and possibly "allpubs.php" in the publications directory.

Recommendations: For version 1.5.13, avoid using the idAuthor parameter in the affected API endpoints until the issue is resolved. As a temporary workaround, consider restricting access to the "index.php" and "allpubs.php" files in the publications directory to minimize the risk of exploitation.