Phpfox · Phpfox · CVE-2013-5121
**Name of the Vulnerable Software and Affected Versions**
PHPFox versions prior to 3.6.0 (build6)
**Description**
A SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands via the `search[sort_by]` parameter sent to the "/user/browse/view_/" API endpoint.
**Recommendations**
For versions prior to 3.6.0 (build6), update to version 3.6.0 (build6) or later to resolve the issue.
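
The following is an added example, not phpFox code. It shows the general defence for an injectable sort parameter such as `search[sort_by]`: column names cannot be passed as bound parameters, so the client value is mapped through a server-side allowlist. That the parameter reaches an ORDER BY clause is an assumption, and the table, column and function names are hypothetical.

```python
import sqlite3

# Hypothetical allowlist: client-facing sort keys -> fixed SQL fragments.
# Table and column names are constructed for this example.
SORT_COLUMNS = {
    "full_name": "full_name ASC",
    "joined": "joined DESC",
    "last_login": "last_login DESC",
}


def order_by_clause(sort_by):
    """Return a server-defined ORDER BY fragment, or reject the request."""
    # Identifiers cannot be sent as bound parameters, so the client value is
    # only ever used as a dictionary key and never copied into the SQL text.
    if not isinstance(sort_by, str) or sort_by not in SORT_COLUMNS:
        raise ValueError("unsupported sort key")
    return SORT_COLUMNS[sort_by]


def browse_users(conn, name_prefix, sort_by="full_name"):
    """Search term is bound with ?; the sort fragment comes from the allowlist."""
    sql = ("SELECT full_name FROM users WHERE full_name LIKE ? "
           "ORDER BY " + order_by_clause(sort_by))
    return [row[0] for row in conn.execute(sql, (name_prefix + "%",))]


def demo_db():
    """Constructed in-memory data set."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (full_name TEXT, joined INTEGER, last_login INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", 3, 10), ("bob", 1, 30), ("carol", 2, 20)])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(browse_users(db, "", "joined"))
    try:
        browse_users(db, "", "joined DESC, (SELECT 1)")
    except ValueError as exc:
        print("rejected:", exc)
```

Rejecting unknown keys outright, rather than trying to escape them, also covers array-valued or empty submissions of the parameter.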