CVE-2010-4799

Name of the Vulnerable Software and Affected Versions Chipmunk Pwngame version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the username and password parameters to "authenticate.php" and the ID parameter to "pwn.php" when magic quotes gpc is disabled.

Recommendations For Chipmunk Pwngame version 1.0, consider disabling the authenticate.php and pwn.php scripts until a patch is available, or restrict access to these scripts to minimize the risk of exploitation. Avoid using the username, password, and ID parameters in the affected API endpoints until the issue is resolved. Additionally, enable magic quotes gpc to prevent SQL injection attacks.