CVE-2009-2883

Name of the Vulnerable Software and Affected Versions: SaphpLesson version 4.0

Description: The issue is related to a SQL injection vulnerability. It occurs when the magic quotes gpc setting is disabled, allowing remote attackers to execute arbitrary SQL commands via the cp username parameter. This is due to an error in the CleanVar function located in includes/functions.php.

Recommendations: For SaphpLesson version 4.0, consider disabling the CleanVar function in includes/functions.php until a patch is available, or ensure that the magic quotes gpc setting is enabled to prevent SQL injection attacks. Additionally, restrict access to the admin/login.php page to minimize the risk of exploitation.