CVE-2010-4638

Name of the Vulnerable Software and Affected Versions JQuarks4s (com jquarks4s) component version 1.0.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the submitSurvey function in controller.php, when magic quotes gpc is disabled. The vulnerability can be exploited via the q parameter in a submitSurvey action to "index.php".

Recommendations For JQuarks4s (com jquarks4s) component version 1.0.0, consider disabling the submitSurvey function in controller.php until a patch is available. Restrict access to the "index.php" endpoint to minimize the risk of exploitation. Avoid using the q parameter in the submitSurvey action until the issue is resolved.