CVE-2006-0570

Name of the Vulnerable Software and Affected Versions phpstatus version 1.0

Description The issue allows remote attackers to execute arbitrary SQL commands and bypass authentication. This can be achieved via the username parameter in "check.php" or through unknown attack vectors in the administrative interface, when gpc magic quotes is disabled.

Recommendations For phpstatus version 1.0, consider disabling the administrative interface or restricting access to it until a fix is available. Additionally, enable gpc magic quotes to prevent SQL injection attacks. As a temporary workaround, avoid using the username parameter in the "check.php" endpoint until the issue is resolved.