EUVD-2008-6112

Malware in sbrugna...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 checkuser and 2 checkpass parameters...

CVE-2008-6749

CVE-2008-6749 affects FlexPHPDirectory 0.0.1. Multiple SQL injection vulnerabilities exist in admin/usercheck.php when magic_quotes_gpc is disabled, allowing remote attackers to injected arbitrary SQL via the checkuser and checkpass parameters. The issue is documented with an NVD entry and multip...

CVE-2008-6730

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6730

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6730

CVE-2008-6730 affects FlexPHPLink Pro versions 0.0.6 and 0.0.7. The vulnerability is a SQL injection in admin/usercheck.php that can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to alter or disclose data via the checkuser (username) or checkpass (password) fields dire...

CVE-2008-6241

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6241

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6241

CVE-2008-6241 affects FlexPHPSite versions 0.0.1 and 0.0.7. It describes SQL injection in admin/usercheck.php when magic_quotes_gpc is disabled, allowing remote attackers to modify or exfiltrate data via the checkuser (username) or checkpass (password) fields directed to admin/index.php. The NVD ...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

CVE-2008-6142

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPic 0.0.4 and FlexPHPic Pro 0.0.3, and other 0.0.x versions, allow remote attackers to execute arbitrary SQL commands via 1 the checkuser parameter aka username field, or 2 the checkpass parameter aka password field, to...

Sql injection

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the 1 checkuser parameter aka username field or 2 checkpass parameter aka password field to admin/index.php. NOTE: some of these details are obtained fro...

CVE-2008-5927

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPNews 0.0.6 allow remote attackers to execute arbitrary SQL commands via the 1 checkuser parameter aka username field or 2 checkpass parameter aka password field to admin/index.php. NOTE: some of these details are obtained fro...

CVE-2008-5927

CVE-2008-5927 describes multiple SQL injection vulnerabilities in FlexPHPNews 0.0.6, specifically in admin/usercheck.php. The attack surface is the login path at admin/index.php, where user-supplied inputs in the checkuser (username) and checkpass (password) parameters appear to be unsafely handl...