CVE-2008-1726

Name of the Vulnerable Software and Affected Versions KnowledgeQuest version 2.6

Description The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This is possible when the magic quotes gpc setting is disabled. The vulnerabilities can be exploited through specific parameters in various PHP files, including the kqid parameter in "articletext.php" and "articletextonly.php", and the username parameter in "logincheck.php".

Recommendations For KnowledgeQuest version 2.6, consider disabling the kqid parameter in "articletext.php" and "articletextonly.php" and the username parameter in "logincheck.php" until a patch is available. Additionally, enabling the magic quotes gpc setting can help mitigate the risk of SQL injection attacks.