CVE-2010-4851

Name of the Vulnerable Software and Affected Versions Eclime version 1.1.2b

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the ref or poll id parameter to "index.php", or the country parameter to "create account.php".

Recommendations For Eclime version 1.1.2b, avoid using the ref, poll id, and country parameters in the affected API endpoints until the issue is resolved. Restrict access to "index.php" and "create account.php" to minimize the risk of exploitation.