CVE-2008-6241

Name of the Vulnerable Software and Affected Versions: FlexPHPSite versions 0.0.1 through 0.0.7

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the checkuser parameter (also known as the username field) or the checkpass parameter (also known as the password field) in the admin/usercheck.php file when magic quotes gpc is disabled.

Recommendations: For FlexPHPSite versions 0.0.1 through 0.0.7, consider disabling the admin/usercheck.php file until a patch is available, or restrict access to this file to minimize the risk of exploitation. Avoid using the checkuser and checkpass parameters in the affected admin/index.php endpoint until the issue is resolved.