CVE-2009-1952

Name of the Vulnerable Software and Affected Versions: PropertyMax Pro FREE version 0.3

Description: The issue concerns SQL injection vulnerabilities in the administrative login feature. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands via the username and password parameters.

Recommendations: For PropertyMax Pro FREE version 0.3, consider disabling the administrative login feature until a patch is available, and ensure magic quotes gpc is enabled to prevent exploitation. As a temporary workaround, restrict access to the login functionality to minimize the risk of SQL injection attacks.