CVE-2005-3968

PHPX 3.5.9 - SQL Injection via Username Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2005-3968. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets PHPX <=3.5.9, leveraging SQL injection to bypass authentication and execute remote commands. It includes a web interface for inputting target details and executing the attack.

Description

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by rgod · phpwebappsphp
https://www.exploit-db.com/exploits/26697

This exploit targets PHPX <=3.5.9, leveraging SQL injection to bypass authentication and execute remote commands. It includes a web interface for inputting target details and executing the attack.

Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Moderate
Reliability
Reliable
Target: PHPX <=3.5.9
No auth needed
Prerequisites: Target must be running PHPX <=3.5.9 · Network access to the target
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (9)

Core 9
Core References
Third Party Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2696
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/15680
Exploit, Vendor Advisory x_refsource_misc
http://rgod.altervista.org/phpx_359_xpl.html
Exploit vdb-entry x_refsource_sectrack
http://securitytracker.com/id?1015300
Patch, URL Repurposed x_refsource_confirm
http://www.phpx.org/news.php?news_id=139
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/21384
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/418253/100/0/threaded
Patch, Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/17858
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/23459

Scores

EPSS 0.0202
EPSS Percentile 78.4%

Details

Status published
Products (10)
phpx/phpx 3.5
phpx/phpx 3.5.1
phpx/phpx 3.5.2
phpx/phpx 3.5.3
phpx/phpx 3.5.4
phpx/phpx 3.5.5
phpx/phpx 3.5.6
phpx/phpx 3.5.7
phpx/phpx 3.5.8
phpx/phpx 3.5.9
Published Dec 03, 2005
Tracked Since Feb 18, 2026