CVE-2009-3175

Name of the Vulnerable Software and Affected Versions Model Agency Manager PRO (affected versions not specified)

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved through the user id parameter to API endpoints such as "view.php", "photos.php", and "motm.php", as well as the id parameter to "forum message.php".

Recommendations For Model Agency Manager PRO, consider restricting access to the user id parameter in the "view.php", "photos.php", and "motm.php" API endpoints, and the id parameter in the "forum message.php" endpoint until a patch is available. As a temporary workaround, avoid using the user id and id parameters in the affected API endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.