Th3.R00K

**Name of the Vulnerable Software and Affected Versions** phpRPG version 0.8 **Description** The issue allows remote attackers to execute arbitrary SQL commands. This is possible via the `username` parameter in index.php when magic quotes gpc is disabled. **Recommendations** For phpRPG version 0.8, consider enabling magic quotes gpc to prevent SQL injection attacks. As a temporary workaround, restrict access to the index.php file or avoid using the `username` parameter until a patch is available.