CVE-2005-3968

N/A Unknown

Published: December 03, 2005 Modified: April 16, 2026

Description

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://rgod.altervista.org/phpx_359_xpl.html

Source: cve@mitre.org

Exploit Vendor Advisory

http://secunia.com/advisories/17858

Source: cve@mitre.org

Patch Vendor Advisory

http://securitytracker.com/id?1015300

Source: cve@mitre.org

Exploit

http://www.osvdb.org/21384

Source: cve@mitre.org

http://www.phpx.org/news.php?news_id=139

Source: cve@mitre.org

Patch URL Repurposed

http://www.securityfocus.com/archive/1/418253/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/15680

Source: cve@mitre.org

Exploit

http://www.vupen.com/english/advisories/2005/2696

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/23459

Source: cve@mitre.org

http://rgod.altervista.org/phpx_359_xpl.html