Family: CGI abuses --> Category: attack
PHPX username Parameter SQL Injection Vulnerability Scan
Vulnerability Scan Summary
Checks for username parameter SQL injection vulnerability in PHPX
Detailed Explanation for this Vulnerability Test
The remote web server has a PHP application that is affected by a SQL
The remote host is running PHPX, a content management system written
The installed version of PHPX does not validate input to the
'username' parameter of the 'admin/index.php' script before using it
in a database query. Provided PHP's 'magic_quotes_gpc' setting is
off, an attacker can leverage this issue to manipulate SQL queries to,
for example, bypass authentication and gain administrative access to
the affected application.
See also :
Enable PHP's 'magic_quotes_gpc' setting.
High / CVSS Base Score : 7.0