PT-2010-2234 · Enano · Enano Cms
Published
2010-02-02
·
Updated
2010-06-23
·
CVE-2010-0471
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Enano CMS versions prior to 1.0.6pl1
Description
The issue concerns a SQL injection vulnerability in the comment submission interface, specifically in the includes/comment.php file. This vulnerability allows remote attackers to execute arbitrary SQL commands.
Recommendations
For versions prior to 1.0.6pl1, update to version 1.0.6pl1 or later to resolve the issue. As a temporary workaround, consider restricting access to the comment submission interface until the update is applied.
Fix
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Enano Cms