CVE-2011-0434

Name of the Vulnerable Software and Affected Versions Domain Technologie Control (DTC) versions prior to 0.32.9

Description The issue concerns multiple SQL injection vulnerabilities that can be exploited remotely, potentially leading to breaches of confidentiality, integrity, and availability of protected information. Specifically, the cid parameter in certain API endpoints, such as /admin/bw per month.php and /client/bw per month.php, is vulnerable to SQL injection attacks, allowing remote attackers to execute arbitrary SQL commands.

Recommendations For versions prior to 0.32.9, update to version 0.32.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the vulnerable API endpoints /admin/bw per month.php and /client/bw per month.php until a patch is applied. Avoid using the cid parameter in the affected API endpoints until the issue is resolved.