CVE-2005-3968 Information

Description

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands bypass authentication and upload arbitrary PHP code via the username parameter.

Reference

http://rgod.altervista.org/phpx_359_xpl.html http://secunia.com/advisories/17858 http://securitytracker.com/id?1015300 http://www.osvdb.org/21384 http://www.phpx.org/news.php?news_id=139 http://www.securityfocus.com/archive/1/418253/100/0/threaded http://www.securityfocus.com/bid/15680 http://www.vupen.com/english/advisories/2005/2696 https://exchange.xforce.ibmcloud.com/vulnerabilities/23459