CVE-2005-3968

Name of the Vulnerable Software and Affected Versions PHPX versions 3.5.9 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter. This can be exploited by sending malicious input to the vulnerable API endpoint, potentially leading to unauthorized access and code execution.

Recommendations For PHPX versions 3.5.9 and earlier, update to a version later than 3.5.9 to resolve the issue. As a temporary workaround, consider restricting access to the auth.inc.php file and validating user input to prevent SQL injection attacks. Avoid using the username parameter in the affected API endpoint until the issue is resolved.