CVE-2010-2855

Name of the Vulnerable Software and Affected Versions Event Horizon (EVH) version 1.1.10

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved through SQL injection vulnerabilities in the modfile.php file, specifically when the magic quotes gpc setting is disabled. The vulnerable parameters are YourEmail and VerificationNumber.

Recommendations For Event Horizon (EVH) version 1.1.10, consider disabling the modfile.php file or restricting access to it until a fix is available. As a temporary workaround, enable the magic quotes gpc setting to prevent SQL injection attacks via the YourEmail and VerificationNumber parameters.