CVE-2010-0952

Name of the Vulnerable Software and Affected Versions OneCMS version 2.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the user parameter in an elite action in the index.php file.

Recommendations For OneCMS version 2.5, consider enabling the magic quotes gpc setting to prevent SQL injection attacks. As a temporary workaround, restrict access to the index.php file or avoid using the user parameter in elite actions until a patch is available.