CVE-2008-6911

Name of the Vulnerable Software and Affected Versions: BrewBlogger version 2.1.0.1

Description: The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through the loginUsername parameter to the "includes/logincheck.inc.php" endpoint, specifically when the magic quotes gpc setting is disabled. The vulnerability is related to the authenticateUser function in "includes/authentication.inc.php".

Recommendations: For BrewBlogger version 2.1.0.1, consider disabling the authenticateUser function until a patch is available, or restrict access to the "includes/logincheck.inc.php" endpoint to minimize the risk of exploitation. Avoid using the loginUsername parameter in the affected endpoint until the issue is resolved.