CVE-2009-1655

Name of the Vulnerable Software and Affected Versions: Easy Scripts Answer and Question Script (affected versions not specified)

Description: The issue concerns SQL injection vulnerabilities in the myaccount.php file. These vulnerabilities allow remote authenticated users to execute arbitrary SQL commands. The vulnerabilities can be exploited via the userid parameter and the password.

Recommendations: For all affected versions, consider restricting access to the myaccount.php file until a patch is available. As a temporary workaround, avoid using the userid parameter in the affected file to minimize the risk of exploitation. Additionally, restrict the use of password inputs in myaccount.php to reduce the risk of SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.