CVE-2009-2018

Name of the Vulnerable Software and Affected Versions MyCars (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through a SQL injection vulnerability in the admin/index.php file when magic quotes gpc is disabled. The vulnerability is exploited via the authuserid parameter.

Recommendations For MyCars, consider disabling the use of the authuserid parameter in the admin/index.php file until a patch is available. Restrict access to the admin/index.php file to minimize the risk of exploitation.