Summary
This host is running glFusion and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation allows an attacker to perform SQL injection and obtain sensitive information.
Impact Level: Application
Solution
Upgrade to glFusion version 1.1.8 or later. For updates, refer to http://www.glfusion.org/filemgmt/index.php
Insight
The flaws are due to improper validation of user-supplied input passed via the 'order' and 'direction' parameters to 'search.php', which allows an attacker to manipulate SQL queries by injecting arbitrary SQL code.
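Sort parameters such as 'order' and 'direction' end up as identifiers and keywords in the ORDER BY clause, where prepared-statement placeholders cannot be used, so the usual defence is a fixed allowlist. The following is an added example, not glFusion's own code or its actual fix; the function name, column map and table name are hypothetical.

```php
<?php
// Added example with hypothetical names; not taken from glFusion.
// Column names and sort direction cannot be bound as statement parameters,
// so request values are mapped through a fixed allowlist and never
// concatenated into the query themselves.

const SORT_COLUMNS = [          // request value => real column (assumed schema)
    'date'  => 'created_at',
    'title' => 'title',
    'hits'  => 'hit_count',
];

function build_order_by(array $request): string
{
    $order     = $request['order'] ?? 'date';
    $direction = $request['direction'] ?? 'desc';

    // Non-strings (e.g. order[]=x) and unknown keys fall back to the default.
    $column = (is_string($order) && array_key_exists($order, SORT_COLUMNS))
        ? SORT_COLUMNS[$order]
        : SORT_COLUMNS['date'];

    // Only the exact word "asc" selects ascending; everything else is DESC.
    $dir = (is_string($direction) && strtolower($direction) === 'asc')
        ? 'ASC'
        : 'DESC';

    return "ORDER BY {$column} {$dir}";
}

// Constructed sample requests: one valid, two that must be neutralised.
$samples = [
    ['order' => 'title',    'direction' => 'ASC'],
    ['order' => 'title, 1', 'direction' => 'asc--'],
    ['order' => ['x'],      'direction' => null],
];

foreach ($samples as $request) {
    // The search term itself stays a bound parameter (:term).
    $sql = 'SELECT id, title FROM stories WHERE title LIKE :term '
         . build_order_by($request);
    echo $sql, PHP_EOL;
}
```

Only the first sample yields `ORDER BY title ASC`; the other two fall back to `ORDER BY created_at DESC` because their values are not in the allowlist.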
Affected
glFusion version 1.1.2 and prior.
References
Severity
Classification
CVE: CVE-2009-4796
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P