CVE-2008-5000

Name of the Vulnerable Software and Affected Versions PHPX version 3.5.16

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by using uppercase characters in the news id parameter in the admin/includes/news.inc.php file when magic quotes gpc is disabled.

Recommendations For PHPX version 3.5.16, consider disabling the use of uppercase characters in the news id parameter or enabling magic quotes gpc as a temporary workaround until a patch is available. Restrict access to the admin/includes/news.inc.php file to minimize the risk of exploitation.