CVE-2008-6749

Name of the Vulnerable Software and Affected Versions: FlexPHPDirectory version 0.0.1

Description: The issue concerns SQL injection vulnerabilities in the admin/usercheck.php file. When magic quotes gpc is disabled, remote attackers can execute arbitrary SQL commands via the checkuser and checkpass parameters in the /admin/usercheck.php API endpoint.

Recommendations: For FlexPHPDirectory version 0.0.1, consider disabling the checkuser and checkpass parameters in the admin/usercheck.php file until a patch is available. Restrict access to the admin/usercheck.php endpoint to minimize the risk of exploitation. Avoid using the checkuser and checkpass parameters in this endpoint until the issue is resolved.