CVE-2010-4834

Name of the Vulnerable Software and Affected Versions OneOrZero AIMS versions 2.6.0 through 2.7.0

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This can be achieved via the id parameter in a "saved search" action and the item types parameter in a "show item search" action within the "search management manage" subcontroller.

Recommendations For OneOrZero AIMS versions 2.6.0 through 2.7.0, consider restricting access to the "search management manage" subcontroller until a patch is available. As a temporary workaround, avoid using the id and item types parameters in the affected actions to minimize the risk of exploitation.