CVE-2006-0850

Name of the Vulnerable Software and Affected Versions ilchClan versions prior to 1.05g

Description A SQL injection issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the login name parameter in the include/includes/user/login.php file.

Recommendations For versions prior to 1.05g, update to version 1.05g or later to resolve the issue. As a temporary workaround, consider restricting access to the login functionality to minimize the risk of exploitation. Avoid using the login name parameter in the affected login endpoint until the issue is resolved.