Intrusion Prevention

PHP121.PHP121LOGIN.PHP.SQL.Injection

Description

SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php121un HTTP COOKIE parameter, which is used in multiple files including php121login.php.
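A detection check for the cookie described above, as an added example that is not part of the original advisory or of any vendor signature: it pulls `php121un` out of a raw HTTP request, undoes repeated percent-encoding, and flags values that fail a username allowlist. The allowlist pattern, the host name and the sample requests are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

COOKIE_NAME = "php121un"  # cookie named in the advisory
# Assumption: legitimate usernames are short and use only these characters.
SAFE_USERNAME = re.compile(r"[A-Za-z0-9_.@-]{1,64}")

def cookie_header(raw_request: str) -> str:
    """Return the Cookie header value of a raw HTTP request ('' if absent)."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() == "cookie":
            return value.strip()
    return ""

def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo nested percent-encoding so that %2527 is seen as a quote."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_php121un(raw_request: str):
    """Return the decoded php121un value if it fails the allowlist, else None."""
    for pair in cookie_header(raw_request).split(";"):
        name, _, value = pair.strip().partition("=")
        if name == COOKIE_NAME:
            decoded = decode_fully(value)
            if not SAFE_USERNAME.fullmatch(decoded):
                return decoded
    return None

# Constructed sample requests (not captured traffic).
REQ_OK = ("GET /php121login.php HTTP/1.1\r\nHost: chat.example\r\n"
          "Cookie: lang=en; php121un=alice\r\n\r\n")
REQ_BAD = ("GET /php121login.php HTTP/1.1\r\nHost: chat.example\r\n"
           "Cookie: php121un=x%2527--\r\n\r\n")
REQ_NONE = "GET /php121login.php HTTP/1.1\r\nHost: chat.example\r\n\r\n"

if __name__ == "__main__":
    for req in (REQ_OK, REQ_BAD, REQ_NONE):
        print(repr(suspicious_php121un(req)))
```

An allowlist is used instead of a list of SQL keywords because the cookie is only ever supposed to carry a username, so anything outside that character set is worth an alert regardless of the payload's form.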

Affected Products

PHP121 1.4

Impact

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Recommended Actions

Upgrade to PHP121 Instant Messenger version 2.0 Final:
http://www.php121.com/download.php

CVE References

CVE-2006-1828