CVE-2010-4609

Name of the Vulnerable Software and Affected Versions Html-edit CMS version 3.1.8

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the nuser parameter in a "registrate" action. The endpoint involved is not explicitly specified, but it is related to the "index.php" file.

Recommendations For Html-edit CMS version 3.1.8, consider restricting access to the "registrate" action in the index.php file until a patch is available. As a temporary workaround, avoid using the nuser parameter in this action to minimize the risk of exploitation.