CVE-2010-3076

Name of the Vulnerable Software and Affected Versions smbind versions prior to 0.4.8

Description The issue concerns a problem with the filter function in the smbind software, specifically in the php/src/include.php file. This problem allows remote attackers to conduct SQL injection attacks by exploiting the username parameter in the admin login page. The lack of anchoring in a certain regular expression enables attackers to execute arbitrary SQL commands.

Recommendations For versions prior to 0.4.8, update to version 0.4.8 or later to resolve the issue. As a temporary workaround, consider restricting access to the admin login page to minimize the risk of exploitation. Avoid using the username parameter in the affected login functionality until the issue is resolved.