PT-2011-1789 · Zuitu · Zuitu

Published: 2011-10-05 · Updated: 2017-08-29 · CVE-2010-4854

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zuitu version 1.6

Description

The issue allows remote attackers to execute arbitrary SQL commands via the id parameter in a consume action in the "ajax/coupon.php" file when magic_quotes_gpc is disabled.

Recommendations

For Zuitu version 1.6, consider disabling the consume action in "ajax/coupon.php" or restricting access to it until a patch is available. Additionally, enabling magic_quotes_gpc can help mitigate the risk of SQL injection attacks.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2010-4854

Affected Products

Zuitu