SQL injection vulnerability in admin/includes/news.inc.php in PHPX 3.5.16, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via uppercase characters in the news_id parameter.
Max CVSS
6.8
EPSS Score
0.16%
Published
2008-11-10
Updated
2017-09-29
SQL injection vulnerability in checkCookie function in includes/functions.inc.php in PHPX 3.5.16 allows remote attackers to execute arbitrary SQL commands via a PXL cookie.
Max CVSS
7.5
EPSS Score
0.11%
Published
2008-08-06
Updated
2017-09-29
2 vulnerabilities found