CVE-2008-5927

Name of the Vulnerable Software and Affected Versions FlexPHPNews version 0.0.6

Description The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the checkuser parameter (also known as the username field) or the checkpass parameter (also known as the password field) in the "admin/usercheck.php" file, which is accessed through the "admin/index.php" endpoint, specifically the "/admin/index.php" API endpoint.

Recommendations For FlexPHPNews version 0.0.6, consider restricting access to the "admin/usercheck.php" file and the associated "/admin/index.php" endpoint to minimize the risk of exploitation. Avoid using the checkuser and checkpass parameters in the affected API endpoint until the issue is resolved.