CVE-2011-5313

Name of the Vulnerable Software and Affected Versions Redaxscript version 0.3.2

Description The issue concerns SQL injection vulnerabilities in the includes/password.php file. Remote attackers can execute arbitrary SQL commands by manipulating the id or password parameters in the password reset program. No information is available about the estimated number of potentially affected devices or real-world incidents.

Recommendations For Redaxscript version 0.3.2, consider restricting access to the password reset program until a fix is available, and avoid using the id and password parameters in this program to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.