CVE-2009-4351

Name of the Vulnerable Software and Affected Versions WSCreator version 1.1

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands via the Email (also known as username) parameter in the ADMIN/loginaction.php file when magic quotes gpc is disabled.

Recommendations For WSCreator version 1.1, consider disabling the magic quotes gpc option or restricting access to the ADMIN/loginaction.php file until a patch is available. As a temporary workaround, avoid using the Email parameter in the affected file to minimize the risk of exploitation.