Description

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,

Remediation

References

CVE-2020-14960

Related Vulnerabilities

Envoy Proxy Reachable Assertion Vulnerability (CVE-2021-29258)

WordPress Plugin Sell Media Cross-Site Request Forgery (2.5.5)

Open Resty Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') Vulnerability (CVE-2020-11724)

WordPress Plugin Radio Buttons for Taxonomies Cross-Site Request Forgery (2.0.5)

Zikula Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-0535)

Severity

High

Classification

CVE-2020-14960 CWE-138 CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Tags

Missing Update Known Vulnerabilities