Summary
Description :
A vulnerability exists in the remote version of PHP-Fusion that may allow an attacker to inject arbitrary SQL code and possibly execute arbitrary code, due to improper validation of user supplied input in the 'rowstart' parameter of script 'members.php'.
Solution
Upgrade to new verson.
Severity
Classification
-
CVE CVE-2004-2437, CVE-2004-2438 -
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities
- ApPHP MicroBlog Remote Code Execution Vulnerability
- Apache Tomcat/JBoss EJBInvokerServlet / JMXInvokerServlet (RMI over HTTP) Marshalled Object Remote Code Execution
- Ad Manager Pro Multiple SQL Injection And XSS Vulnerabilities
- ArticleSetup Multiple Cross-Site Scripting and SQL Injection Vulnerabilities
- Alchemy Eye HTTP Command Execution