CVE-2009-2924

Name of the Vulnerable Software and Affected Versions: Videos Broadcast Yourself 2 (affected versions not specified)

Description: The issue concerns multiple SQL injection vulnerabilities. These vulnerabilities allow remote attackers to execute arbitrary SQL commands. The vulnerable parameters include the UploadID parameter to "videoint.php", and possibly the cat id parameter to "catvideo.php" and the uid parameter to "cviewchannels.php".

Recommendations: For Videos Broadcast Yourself 2, consider restricting access to the videoint.php, catvideo.php, and cviewchannels.php scripts until a patch is available. As a temporary workaround, avoid using the UploadID, cat id, and uid parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.