CVE-2009-0597

Name of the Vulnerable Software and Affected Versions w3b>cms (aka w3blabor CMS) versions prior to 3.4.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the benutzername parameter in a login action, specifically when magic quotes gpc is disabled.

Recommendations For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue. As a temporary workaround, consider enabling magic quotes gpc to mitigate the risk of SQL injection attacks. Additionally, restrict access to the admin/index.php page to minimize the risk of exploitation. Avoid using the benutzername parameter in the login action until the issue is resolved.