CVE-2009-1742

Name of the Vulnerable Software and Affected Versions: Pc4 Uploader versions 9.0 and earlier

Description: The issue allows remote attackers to conduct SQL injection attacks via crafted keyword sequences. This is achieved by exploiting the filter in the id parameter in a banner action. For example, the string "UNIunionON" is collapsed into "UNION" by the filter sql function, facilitating the attack.

Recommendations: For Pc4 Uploader versions 9.0 and earlier, consider disabling the filter sql function or restricting access to the banner action until a patch is available. Avoid using the id parameter in the affected banner action to minimize the risk of exploitation.