CVE-2011-10003

Name of the Vulnerable Software and Affected Versions XpressEngine versions up to 1.4.4

Description A critical issue affects the Update Query Handler component, leading to sql injection. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. The issue is related to some unknown processing of the component, and the manipulation leads to sql injection.

Recommendations For XpressEngine versions up to 1.4.4, upgrade to version 1.4.5 to address this issue. As a temporary workaround, consider restricting access to the Update Query Handler component until the patch is applied.