CVE-2010-4784

Name of the Vulnerable Software and Affected Versions PHP Web Scripts Easy Banner Free version 2009.05.18

Description The issue concerns SQL injection vulnerabilities in the member.php file of PHP Web Scripts Easy Banner Free. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands by manipulating the username and password parameters.

Recommendations For PHP Web Scripts Easy Banner Free version 2009.05.18, consider disabling the member.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to prevent SQL injection attacks via the username and password parameters. Avoid using the username and password parameters in the affected member.php file until the issue is resolved.