CVE-2011-5230

Name of the Vulnerable Software and Affected Versions Seotoaster versions 1.9 and earlier

Description The issue concerns SQL injection vulnerabilities in the selectUserIdByLoginPass function. Remote attackers can execute arbitrary SQL commands via the login parameter to "sys/login/index" or the memberLoginName parameter to "sys/login/member".

Recommendations For Seotoaster versions 1.9 and earlier, as a temporary workaround, consider disabling the selectUserIdByLoginPass function until a patch is available. Restrict access to the "sys/login/index" and "sys/login/member" API endpoints to minimize the risk of exploitation. Avoid using the login and memberLoginName parameters in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.