PT-2015-4226 · Microweber · Microweber Cms
Published: 2015-01-03 · Updated: 2015-01-05 · CVE-2014-9464
CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
Microweber CMS version 0.95 before 20141209
Description
The issue allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the $parent_id variable. This is a SQL injection vulnerability in the Category.php file.
Recommendations
For Microweber CMS version 0.95 before 20141209, update to a version released after 20141209 to resolve the issue. As a temporary workaround, consider restricting access to the Category.php file or avoiding the use of the category parameter until the issue is resolved.
Exploit
Fix
RCE
SQL injection
Weakness Enumeration
Related Identifiers
Affected Products
Microweber Cms