CVE-2009-2573

Name of the Vulnerable Software and Affected Versions MiniTwitter version 0.2 beta

Description The issue allows remote authenticated users to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities. This occurs when the magic quotes gpc setting is disabled, and the user parameter is exploited in the /index.php and /rss.php API endpoints.

Recommendations For MiniTwitter version 0.2 beta, consider disabling the user parameter in the /index.php and /rss.php API endpoints until a patch is available. Additionally, enabling the magic quotes gpc setting can help mitigate the risk of SQL injection attacks.