CVE-2016-15031

Name of the Vulnerable Software and Affected Versions PHP-Login version 1.0

Description A critical issue was found in the function checkLogin() of the file login/scripts/class.loginscript.php within the POST Parameter Handler component. The manipulation of the myusername argument can lead to SQL injection. This issue can be initiated remotely.

Recommendations For PHP-Login version 1.0, upgrade to version 2.0 to address this issue. As a temporary workaround, consider restricting the use of the checkLogin() function or limiting access to the myusername argument in the affected component until the upgrade is applied.