CVE-2009-1404

Name of the Vulnerable Software and Affected Versions PastelCMS version 0.8.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the user (Username) parameter in the "admin.php" file when magic quotes gpc is disabled.

Recommendations For PastelCMS version 0.8.0, consider disabling the admin.php file or restricting access to it until a patch is available. Additionally, enable magic quotes gpc to prevent SQL injection attacks. As a temporary workaround, avoid using the user parameter in the affected admin.php file until the issue is resolved.