CVE-2009-1585

Name of the Vulnerable Software and Affected Versions: TemaTres version 1.031

Description: The issue allows remote attackers to execute arbitrary SQL commands when magic quotes gpc is disabled. This is achieved via the id correo electronico and id password parameters to the "login.php" endpoint.

Recommendations: For TemaTres version 1.031, consider disabling the login functionality until a patch is available, or restrict access to the "login.php" endpoint to minimize the risk of exploitation. Avoid using the id correo electronico and id password parameters in the affected endpoint until the issue is resolved. Enable magic quotes gpc to prevent SQL injection attacks.