Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-3968

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2005-3968
Last Modified 07 Mar 2011 09:27:27
Published 03 Dec 2005 02:03:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-3968

Summary

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

Vulnerable Systems

Application

  • Phpx 3.5

  • Phpx 3.5.1

  • Phpx 3.5.2

  • Phpx 3.5.3

  • Phpx 3.5.4

  • Phpx 3.5.5

  • Phpx 3.5.6

  • Phpx 3.5.7

  • Phpx 3.5.8

  • Phpx 3.5.9


References

CONFIRM - http://www.phpx.org/news.php?news_id=139

SECUNIA - 17858

VUPEN - ADV-2005-2696

BID - 15680

BUGTRAQ - 20051130 PhpX <= 3.5.9 SQL Injection -> login bypass -> remote command/code execution

SECTRACK - 1015300

MISC - http://rgod.altervista.org/phpx_359_xpl.html

XF - phpx-login-sql-injection(23459)

OSVDB - 21384


Last Updated: 27 May 2016 10:41:08