Unrated severityNVD Advisory· Published Dec 3, 2005· Updated Apr 16, 2026

CVE-2005-3968

Description

SQL injection vulnerability in auth.inc.php in PHPX 3.5.9 and earlier allows remote attackers to execute arbitrary SQL commands, bypass authentication, and upload arbitrary PHP code via the username parameter.

Affected products

Phpx/Phpx10 versions
cpe:2.3:a:phpx:phpx:3.5:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:phpx:phpx:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.8:*:*:*:*:*:*:*
- cpe:2.3:a:phpx:phpx:3.5.9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/17858nvdPatchVendor Advisory
www.phpx.org/news.phpnvdPatchURL Repurposed
rgod.altervista.org/phpx_359_xpl.htmlnvdExploitVendor Advisory
securitytracker.com/idnvdExploit
www.securityfocus.com/bid/15680nvdExploit
www.osvdb.org/21384nvd
www.securityfocus.com/archive/1/418253/100/0/threadednvd
www.vupen.com/english/advisories/2005/2696nvd
exchange.xforce.ibmcloud.com/vulnerabilities/23459nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000