CVE-2009-1913

Name of the Vulnerable Software and Affected Versions: LuxBum version 0.5.5

Description: The issue allows remote attackers to execute arbitrary SQL commands via the username parameter in a login action, specifically when magic quotes gpc is disabled and dotclear authentication is used. This occurs due to a SQL injection vulnerability in the manager.php file.

Recommendations: For LuxBum version 0.5.5, consider disabling the dotclear authentication or restricting access to the manager.php file until a patch is available. Additionally, enabling magic quotes gpc may help mitigate the risk of exploitation. Avoid using the username parameter in the affected login action until the issue is resolved.