CVE-2013-5121
PHPFox prior to 3.6.0 (build6) is affected by an SQL injection in the user/browse/view_ endpoint via the search[sort_by] parameter. The underlying issue is unsafeguarded SQL construction that allows remote attackers to execute arbitrary SQL commands, with potential partial impact to confidentiali...