CVE-2009-4203

Name of the Vulnerable Software and Affected Versions Arab Portal version 2.2

Description The issue concerns SQL injection vulnerabilities in the admin/aclass/admin func.php file. Remote attackers can execute arbitrary SQL commands by manipulating the (1) X-Forwarded-For or (2) Client-IP HTTP header in a request to the default URI under admin/.

Recommendations For Arab Portal version 2.2, consider restricting access to the admin/aclass/admin func.php file until a patch is available. As a temporary workaround, avoid using the X-Forwarded-For and Client-IP HTTP headers in requests to the default URI under admin/.