CVE-2010-2015

Name of the Vulnerable Software and Affected Versions LiSK CMS version 4.4

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This can be achieved via the id parameter in a view inbox action to "cp/cp messages.php" or the id parameter to "cp/edit email.php".

Recommendations For LiSK CMS version 4.4, consider restricting access to the "cp/cp messages.php" and "cp/edit email.php" scripts until a patch is available, and avoid using the id parameter in these scripts to minimize the risk of exploitation.