PT-2010-3926 · Arab Portal · Arab Portal
Published
2010-06-18
·
Updated
2010-06-21
·
CVE-2010-2340
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Arab Portal version 2.2
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is possible due to a SQL injection vulnerability in the members.php file when the magic quotes gpc setting is disabled. The vulnerability can be exploited via the
by parameter in the "msearch" action.Recommendations
For Arab Portal version 2.2, consider disabling the
msearch action in members.php until a patch is available, or enable the magic quotes gpc setting to prevent SQL injection attacks.Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Arab Portal