This host is installed with PHP-Fusion and is prone to multiple vulnerabilities.

Successful exploitation will allow attackers to execute arbitrary web script or HTML in a user's browser session in the context of an affected site and manipulate SQL queries by injecting arbitrary SQL code or disclose or manipulation of arbitrary data. Impact Level: Application

Upgrade to PHP-Fusion Version 7.02.06 or later, For updates refer to http://www.php-fusion.co.uk/downloads.php

Multiple Flaws exist in PHP-Fusion, For more details about the vulnerabilities refer the reference section.

PHP-Fusion Version 7.02.05 and prior versions may also be affected

Send a crafted data via HTTP GET request and check whether it is able execute sql query or not.

• http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html
• http://seclists.org/bugtraq/2013/Feb/149
• http://secunia.com/52226
• http://secunia.com/52403
• http://www.exploit-db.com/exploits/24562
• http://www.osvdb.com/90697

---

Updated on 2015-03-25