CVE-2006-3959

Name of the Vulnerable Software and Affected Versions X-Scripts X-Protection version 1.10

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through a SQL injection vulnerability in the protect.php file, specifically when magic quotes gpc is disabled. The vulnerability can be exploited via the username and password parameters.

Recommendations For X-Scripts X-Protection version 1.10, consider disabling the protect.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the username and password parameters in the protect.php file until the issue is resolved.