Description
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
Remediation
References
Related Vulnerabilities
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-3665)
phpMyFAQ Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-15731)
WordPress Plugin WP Dynamic Keywords Injector Cross-Site Request Forgery (2.3.15)
WordPress Plugin Podcast Channels Cross-Site Scripting (0.20)
WordPress Plugin WordPress Responsive Preview Cross-Site Scripting (1.1)