CVE-2008-6730

Name of the Vulnerable Software and Affected Versions: FlexPHPLink Pro versions 0.0.6 through 0.0.7

Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via the checkuser parameter (also known as the username field) or the checkpass parameter (also known as the password field) in the admin/usercheck.php file when magic quotes gpc is disabled.

Recommendations: For FlexPHPLink Pro versions 0.0.6 through 0.0.7, consider disabling the admin/usercheck.php file or restricting access to it until a patch is available. As a temporary workaround, enable magic quotes gpc to minimize the risk of SQL injection attacks. Avoid using the checkuser and checkpass parameters in the affected admin/index.php endpoint until the issue is resolved.