PT-2009-3333 · Phpfootball · Phpfootball

King-Lion · Published 2009-02-23 · Updated 2017-09-29 · CVE-2009-0711

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHPFootball versions 1.6 and earlier

Description

The issue allows remote attackers to retrieve password hashes by sending a request with specific parameters. This is achieved by setting the dbtable parameter to 'Accounts' and the dbfield parameter to 'Password'. Some sources have reported this as a SQL injection issue, but the accuracy of this classification is uncertain.

Recommendations

For PHPFootball versions 1.6 and earlier, as a temporary workaround, consider restricting access to the filter.php file until a patch is available. Avoid using the dbtable and dbfield parameters in the filter.php file with sensitive values like 'Accounts' and 'Password' until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
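A log check to run alongside the workaround, as an added example that is not part of the original advisory: it flags access-log requests to filter.php whose dbtable and dbfield values name the account table and password column. The log lines are constructed, and the access-log layout, the request paths and the sensitive-name sets are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: only the names given in the advisory are treated as sensitive.
SENSITIVE_TABLES = {"accounts"}
SENSITIVE_FIELDS = {"password"}

# Client, request target and status from a common/combined-format log line
# (assumed layout). Only query-string parameters are visible in such logs.
REQUEST_RE = re.compile(r'^(\S+) .*?"[A-Z]+ (\S+) HTTP/[\d.]+" (\d{3})')


def _normalise(value, rounds=3):
    """Undo leftover percent-encoding layers, strip quotes, lowercase."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    # Lowercased because MySQL column names are case-insensitive and
    # table names are too on some platforms.
    return value.strip().strip("'\"`").lower()


def suspicious_requests(lines):
    """Return (client, status) for filter.php hits on the sensitive pair."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        client, target, status = m.groups()
        url = urlsplit(target)
        if not unquote(url.path).lower().endswith("/filter.php"):
            continue
        params = parse_qs(url.query)  # decodes one encoding layer
        tables = {_normalise(v) for v in params.get("dbtable", [])}
        fields = {_normalise(v) for v in params.get("dbfield", [])}
        if tables & SENSITIVE_TABLES and fields & SENSITIVE_FIELDS:
            hits.append((client, int(status)))
    return hits


# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [23/Feb/2009:10:01:02 +0000] "GET /filter.php?dbtable=Accounts&dbfield=Password HTTP/1.1" 200 512',
    '198.51.100.7 - - [23/Feb/2009:10:01:09 +0000] "GET /football/filter.php?dbfield=%2550assword&dbtable=accounts HTTP/1.1" 403 199',
    '203.0.113.5 - - [23/Feb/2009:10:02:00 +0000] "GET /filter.php?dbtable=Teams&dbfield=Name HTTP/1.1" 200 2048',
    '203.0.113.5 - - [23/Feb/2009:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 1024',
]
```

A hit with status 200 means the request reached the script; a 403 means the access restriction answered it.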

Exploit

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2009-0711

Affected Products

Phpfootball