CVE-2008-6907

Name of the Vulnerable Software and Affected Versions: 2532|Gigs version 1.2.2

Description: The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities in the checkuser.php file. This occurs when magic quotes gpc is disabled, and attackers can exploit the username and password parameters, which are accessible from a form generated by index.php.

Recommendations: For version 1.2.2, consider disabling the checkuser.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks. Avoid using the username and password parameters in the affected form until the issue is resolved.