CVE-2008-5954

Name of the Vulnerable Software and Affected Versions KTP Computer Customer Database (KTPCCD) CMS (affected versions not specified)

Description A SQL injection issue exists, allowing remote attackers to execute arbitrary SQL commands. This occurs when the magic quotes gpc setting is disabled, and an attacker sends a malicious request to an unspecified component, targeting the lname parameter in a login action.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.