PT-2010-2809 · 1024 · 1024 Cms

Published: 2010-03-24 · Updated: 2010-12-14 · CVE-2010-1093

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: 1024 CMS version 2.1.1

Description: A SQL injection issue allows remote attackers to execute arbitrary SQL commands when the magic_quotes_gpc setting is disabled. The issue can be exploited via the id parameter in a vp action.

Recommendations: For 1024 CMS version 2.1.1, consider disabling the vp action or restricting access to the rss.php file until a patch is available. Additionally, enabling magic_quotes_gpc can help mitigate this issue.

Exploit

Fix

RCE

SQL injection


Weakness Enumeration

Related Identifiers

CVE-2010-1093

Affected Products

1024 Cms