Knxone

#48549 of 53,635
5.1 total CVSS
Vulnerabilities · 1
PT-2009-4373
5.1
2009-06-04
Luxbum · Luxbum · CVE-2009-1913
Name of the Vulnerable Software and Affected Versions: LuxBum version 0.5.5

Description: The issue allows remote attackers to execute arbitrary SQL commands via the `username` parameter in a login action, specifically when `magic_quotes_gpc` is disabled and dotclear authentication is used. This occurs due to a SQL injection vulnerability in the `manager.php` file.

Recommendations: For LuxBum version 0.5.5, consider disabling the dotclear authentication or restricting access to the `manager.php` file until a patch is available. Additionally, enabling `magic_quotes_gpc` may help mitigate the risk of exploitation. Avoid using the `username` parameter in the affected login action until the issue is resolved.