Total vulnerabilities in the database
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.
| Software | From | Fixed in |
|---|---|---|
| phpx / phpx | 3.2.4 | 3.2.4.x |
| phpx / phpx | 2.2.1 | 2.2.1.x |
| phpx / phpx | 3.2.5 | 3.2.5.x |
| phpx / phpx | 3.1.0 | 3.1.0.x |
| phpx / phpx | 3.1.2 | 3.1.2.x |
| phpx / phpx | 3.0.4 | 3.0.4.x |
| phpx / phpx | 3.0.0 | 3.0.0.x |
| phpx / phpx | 3.1.4 | 3.1.4.x |
| phpx / phpx | 3.0.2 | 3.0.2.x |
| phpx / phpx | 3.0.1 | 3.0.1.x |
| phpx / phpx | 3.0.6 | 3.0.6.x |
| phpx / phpx | 3.2.0 | 3.2.0.x |
| phpx / phpx | 1.0.10 | 1.0.10.x |
| phpx / phpx | 3.1.3 | 3.1.3.x |
| phpx / phpx | 3.2.2 | 3.2.2.x |
| phpx / phpx | 2.2.4 | 2.2.4.x |
| phpx / phpx | 2.1.0 | 2.1.0.x |
| phpx / phpx | 3.0.7 | 3.0.7.x |
| phpx / phpx | 2.2.3 | 2.2.3.x |
| phpx / phpx | 3.1.1 | 3.1.1.x |
| phpx / phpx | 3.2.6 | 3.2.6.x |
| phpx / phpx | 2.2.0 | 2.2.0.x |
| phpx / phpx | 3.2.3 | 3.2.3.x |
| phpx / phpx | 3.0.5 | 3.0.5.x |
| phpx / phpx | 3.2.1 | 3.2.1.x |
| phpx / phpx | 3.0.3 | 3.0.3.x |
| phpx / phpx | 1.0.7 | 1.0.7.x |
| phpx / phpx | 1.0.14 | 1.0.14.x |