CVE-2012-1026

Name of the Vulnerable Software and Affected Versions XRay CMS version 1.1.1

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the username or password parameters in the login2.php file.

Recommendations For XRay CMS version 1.1.1, update to a version that fixes the SQL injection vulnerabilities in the login2.php file. As a temporary workaround, consider restricting access to the login2.php file to minimize the risk of exploitation. Avoid using the username and password parameters in the affected file until the issue is resolved.