PT-2010-5578 · Hycus · Hycus Cms

Published: 2010-12-29 · Updated: 2018-10-10 · CVE-2010-4612

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Hycus CMS version 1.0.3
Description: The issue allows remote attackers to execute arbitrary SQL commands. This is possible via several parameters, including user_name and usr_email to "user/1/hregister.html", usr_email to "user/1/hlogin.html", useremail to "user/1/forgotpass.html", and the q parameter to "search/1.html", when magic_quotes_gpc is disabled.
Recommendations: For Hycus CMS version 1.0.3, consider disabling the affected parameters (user_name, usr_email, useremail and q) until a patch is available. Additionally, enabling magic_quotes_gpc can help mitigate the risk of SQL injection attacks.
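The condition "when magic_quotes_gpc is disabled" describes code that concatenates request values into SQL and relies on PHP's automatic quote escaping to stay safe. The following is an added illustration, not Hycus CMS code: a hypothetical lookup by the usr_email parameter of the login page, first in the shape that depends on magic_quotes_gpc, then rewritten with a prepared statement that is safe regardless of that setting. Table and column names, the mysqli connection and the sample value are assumptions.

```php
<?php
// Added illustration (not Hycus CMS code). Schema, connection details and the
// sample usr_email value are assumptions.

// Vulnerable shape: the raw request value is concatenated into the SQL text.
// With magic_quotes_gpc=On the value arrives with quotes backslash-escaped,
// which hides the defect; with it Off, a quote in usr_email ends the string
// literal and the rest of the value is parsed as SQL.
function findUserUnsafe(mysqli $db, string $usrEmail): ?array
{
    $sql = "SELECT id, user_name FROM users WHERE usr_email = '" . $usrEmail . "'";
    $res = $db->query($sql);
    return $res ? ($res->fetch_assoc() ?: null) : null;
}

// Hardened form: the value is bound as a parameter, so the database receives
// it as data and never parses it as SQL, whatever magic_quotes_gpc is set to.
function findUserSafe(mysqli $db, string $usrEmail): ?array
{
    $stmt = $db->prepare('SELECT id, user_name FROM users WHERE usr_email = ?');
    if ($stmt === false) {
        return null;  // prepare failed (bad SQL or connection); treat as not found
    }
    $stmt->bind_param('s', $usrEmail);
    $stmt->execute();
    $row = $stmt->get_result()->fetch_assoc();
    $stmt->close();
    return $row ?: null;
}

// Constructed request value; the real handler would read $_POST['usr_email'].
$usrEmail = 'alice@example.org';
$db = new mysqli('localhost', 'app_user', 'PLACEHOLDER_PASSWORD', 'hycus_db');  // placeholder credentials
var_dump(findUserSafe($db, $usrEmail));
```

The prepared-statement version also removes the dependency on a server-wide ini setting, so the fix does not regress if magic_quotes_gpc is later turned off or removed.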

Tags: Exploit · Fix · RCE · SQL injection


Weakness Enumeration

Related Identifiers: CVE-2010-4612

Affected Products: Hycus Cms