Summary
PHP-Fusion is installed on this host and is prone to multiple vulnerabilities.
Impact
Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site, to manipulate SQL queries by injecting arbitrary SQL code, or to disclose or manipulate arbitrary data.
Impact Level: Application
Solution
Upgrade to PHP-Fusion version 7.02.06 or later.
For updates, refer to http://www.php-fusion.co.uk/downloads.php
Insight
Multiple flaws exist in PHP-Fusion. For more details about the vulnerabilities, refer to the References section.
Affected
PHP-Fusion version 7.02.05; prior versions may also be affected.
Detection
Send crafted data via an HTTP GET request and check whether it is able to execute an SQL query.
References
Severity
Classification
CVE: CVE-2013-1803, CVE-2013-1804, CVE-2013-1805, CVE-2013-1806, CVE-2013-1807, CVE-2013-7375
CVSS Base Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P