CVE-2008-5000

Phpx - SQL Injection

Title source: rule

Description

SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED
by StAkeR · phpwebappsphp
https://www.exploit-db.com/exploits/6996

References (4)

Scores

EPSS 0.0049
EPSS Percentile 65.4%

Details

CWE
CWE-89
Status published
Products (1)
phpx/phpx 3.5.16
Published Nov 10, 2008
Tracked Since Feb 18, 2026