CVE-2009-1778

Name of the Vulnerable Software and Affected Versions: BigACE CMS version 2.5

Description: The issue concerns a SQL injection vulnerability in the new user registration feature. This vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter when magic quotes gpc is disabled.

Recommendations: For BigACE CMS version 2.5, consider disabling the new user registration feature until a patch is available, or ensure that magic quotes gpc is enabled to mitigate the risk of SQL injection attacks. Additionally, restrict access to the registration feature to minimize the risk of exploitation.