CVE-2010-3481

Name of the Vulnerable Software and Affected Versions ApPHP PHP MicroCMS version 1.0.1

Description The issue allows remote attackers to execute arbitrary SQL commands, possibly related to include/classes/Login.php, when magic quotes gpc is disabled. This is achieved via the user name and potentially the password variables in login.php.

Recommendations For ApPHP PHP MicroCMS version 1.0.1, consider disabling the login functionality until a patch is available, or enable magic quotes gpc to mitigate the risk of SQL injection attacks. As a temporary workaround, restrict access to the login.php file to minimize the risk of exploitation.