Description

SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.

Remediation

References

CVE-2008-5335

Related Vulnerabilities

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-16172)

Joomla! Core 3.x.x Prototype Pollution (3.0.0 - 3.9.4)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4193)

WordPress Plugin Tabs-Responsive Tabs with WooCommerce Product Tab Extension Security Bypass (3.5.4)

WordPress Plugin CataBlog 'category' Parameter Cross-Site Scripting (1.6.2)

Severity

Medium

Classification

CVE-2008-5335 CWE-138

Tags

Missing Update Known Vulnerabilities