CVE-2008-4082

Name of the Vulnerable Software and Affected Versions Brim version 2.0.0

Description The issue allows remote authenticated users to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the Tasks plugin when the magic quotes gpc setting is disabled. The vulnerability can be exploited via an arbitrary field in a search action to the "index.php" endpoint.

Recommendations For Brim version 2.0.0, consider disabling the Tasks plugin until a patch is available, or ensure that the magic quotes gpc setting is enabled to mitigate the risk of SQL injection attacks.