Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPDirectory 0.0.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) checkuser and (2) checkpass parameters.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6749)