CVE-2009-2545

Name of the Vulnerable Software and Affected Versions Advanced Electron Forum (AEF) version 1.x

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by uploading an attachment with a specially crafted filename when the magic quotes gpc setting is disabled.

Recommendations For Advanced Electron Forum (AEF) version 1.x, consider enabling the magic quotes gpc setting to prevent SQL injection attacks. As a temporary workaround, restrict the ability to upload attachments until a more permanent solution is implemented.