CVE-2009-4982

Name of the Vulnerable Software and Affected Versions Irokez CMS version 0.7.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the select function when magic quotes gpc is disabled. The vulnerability can be exploited via the PATH INFO to the default URI.

Recommendations For Irokez CMS version 0.7.1, consider disabling the select function or restricting access to it until a patch is available. Additionally, enabling magic quotes gpc can help mitigate the risk of SQL injection attacks.