CVE-2010-2917

Name of the Vulnerable Software and Affected Versions AJ Article version 3.0

Description The issue allows remote attackers to inject arbitrary web script or HTML via multiple parameters in an update action, specifically the emailid, fname, lname, company, address1, address2, city, state, zipcode, phone, and fax parameters in the index.php file.

Recommendations For AJ Article version 3.0, update the index.php file to properly sanitize and validate user input for the emailid, fname, lname, company, address1, address2, city, state, zipcode, phone, and fax parameters to prevent arbitrary web script or HTML injection. As a temporary workaround, consider restricting access to the update action in index.php until a proper fix is applied.