CVE-2009-3494

Name of the Vulnerable Software and Affected Versions T-HTB Manager version 0.5

Description The issue allows remote attackers to execute arbitrary SQL commands due to multiple SQL injection vulnerabilities in index.php. This is possible when magic quotes gpc is disabled, and attackers can exploit it via various parameters, including the id parameter in a delete category action and the name parameter in an update category action.

Recommendations For T-HTB Manager version 0.5, consider disabling the delete category and update category actions until a patch is available, and ensure magic quotes gpc is enabled to prevent SQL injection attacks. Restrict access to the index.php file to minimize the risk of exploitation.