PHP-Fusion < 6.00.110 Multiple SQL Injection Vulnerabilities Network Vulnerability

Summary

The remote version of this software is vulnerable to multiple SQL injection attacks due to its failure to properly sanitize certain parameters. Provided PHP's 'magic_quotes_gpc' setting is disabled, these flaws allow an attacker to manipulate database queries, which may result in the disclosure or modification of data.

Solution

Update to at least version 6.00.110 of PHP-Fusion.

References

http://archives.neohapsis.com/archives/secunia/2005-q4/0021.html

Updated on 2017-03-28

Severity

Classification

CVE CVE-2005-3157, CVE-2005-3158, CVE-2005-3160, CVE-2005-3161

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

ATutor password reminder SQL injection
AdMentor Login Flaw
Apache Struts ClassLoader Manipulation Vulnerabilities
ASAS Server End User Self Service (EUSS) SQL Injection Vulnerability
Atmail Multiple Unspecified Security Vulnerabilities.

Take action and discover your vulnerabilities