ID CVE-2005-3968
Summary SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
References
Vulnerable Configurations
  • cpe:2.3:a:phpx:phpx:3.5.9:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.8:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:phpx:phpx:3.5.6:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  Vector: NETWORK
  Complexity: LOW
  Authentication: NONE
Impact
  Confidentiality: PARTIAL
  Integrity: PARTIAL
  Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bid 15680
bugtraq 20051130 PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution
confirm http://www.phpx.org/news.php?news_id=139
misc http://rgod.altervista.org/phpx_359_xpl.html
osvdb 21384
sectrack 1015300
secunia 17858
vupen ADV-2005-2696
xf phpx-login-sql-injection(23459)
Last major update 14-02-2024 - 01:17
Published 03-12-2005 - 19:03
Last modified 14-02-2024 - 01:17