phpYellow contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the print_me.php script not properly sanitizing user-supplied input to the 'ckey' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Global I.S.S.A has indicated in email to OSVDB that there is a solution for this vulnerability. However, their policy prohibits them from sharing what the solution is, or how their customers can protect themselves:
"The vulnerability you refer to has been resolved.
For security we do not release the nature of the solution/s."