Logoshows · Logoshows Bbs · CVE-2009-4872
**Name of the Vulnerable Software and Affected Versions**
Logoshows BBS version 2.0
**Description**
The issue concerns SQL injection vulnerabilities in the globepersonnel login.asp file. Remote attackers can execute arbitrary SQL commands by manipulating the `username` and `password` fields.
**Recommendations**
For Logoshows BBS version 2.0, consider validating and sanitizing user input for the `username` and `password` fields to prevent SQL injection attacks. As a temporary workaround, restrict access to the globepersonnel login.asp file until a patch is available.