SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies.
Software | From | Fixed in |
---|---|---|
linpha / linpha | 0.9.0 | 0.9.0.x |
linpha / linpha | 0.9.1 | 0.9.1.x |
linpha / linpha | 0.9.2 | 0.9.2.x |
linpha / linpha | 0.9.3 | 0.9.3.x |
linpha / linpha | 0.9.4 | 0.9.4.x |