SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Phpx | Phpx | 3.5.9 | 3.5.9 |
Phpx | Phpx | 3.5.2 | 3.5.2 |
Phpx | Phpx | 3.5 | 3.5 |
Phpx | Phpx | 3.5.3 | 3.5.3 |
Phpx | Phpx | 3.5.7 | 3.5.7 |
Phpx | Phpx | 3.5.1 | 3.5.1 |
Phpx | Phpx | 3.5.8 | 3.5.8 |
Phpx | Phpx | 3.5.4 | 3.5.4 |
Phpx | Phpx | 3.5.5 | 3.5.5 |
Phpx | Phpx | 3.5.6 | 3.5.6 |