Description
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)
PostgreSQL CVE-2018-1058 Vulnerability (CVE-2018-1058)
WordPress Plugin My Category Order Cross-Site Scripting (4.3)
Ruby CVE-2019-15845 Vulnerability (CVE-2019-15845)
WordPress Plugin Autocomplete Wizard Unspecified Vulnerability (2.0)