CVE-2012-5244

Name of the Vulnerable Software and Affected Versions Banana Dance versions B.2.6 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters to different functions, including the return, display, table, or search parameter to 'functions/suggest.php', the id parameter to 'functions/widgets.php', the category parameter to 'functions/print.php', or the name parameter to 'functions/ajax.php'.

Recommendations For Banana Dance versions B.2.6 and earlier, consider restricting access to the vulnerable parameters return, display, table, search, id, category, and name in their respective functions until a patch is available. As a temporary workaround, disabling the execution of arbitrary SQL commands in these functions may help mitigate the risk.