CVE-2010-2340

Name of the Vulnerable Software and Affected Versions Arab Portal version 2.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the members.php file when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the by parameter in the "msearch" action.

Recommendations For Arab Portal version 2.2, consider disabling the msearch action in members.php until a patch is available, or enable the magic quotes gpc setting to prevent SQL injection attacks.