CVE-2005-3968

Phpx - SQL Injection

Title source: rule

Description

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by rgod · phpwebappsphp

https://www.exploit-db.com/exploits/26697

View Code ZIP pw:eip

References (9)

[Third Party Advisory] http://www.vupen.com/english/advisories/2005/2696

[Exploit] http://www.securityfocus.com/bid/15680

[Exploit, Vendor Advisory] http://rgod.altervista.org/phpx_359_xpl.html

[Exploit] http://securitytracker.com/id?1015300

[Patch, URL Repurposed] http://www.phpx.org/news.php?news_id=139

[Third Party Advisory, VDB Entry] http://www.osvdb.org/21384

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/418253/100/0/threaded

[Patch, Vendor Advisory] http://secunia.com/advisories/17858

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/23459

Scores

EPSS 0.0356

EPSS Percentile 87.7%

Details

Status published

Products (10)

phpx/phpx 3.5

phpx/phpx 3.5.1

phpx/phpx 3.5.2

phpx/phpx 3.5.3

phpx/phpx 3.5.4

phpx/phpx 3.5.5

phpx/phpx 3.5.6

phpx/phpx 3.5.7

phpx/phpx 3.5.8

phpx/phpx 3.5.9

Published Dec 03, 2005

Tracked Since Feb 18, 2026