Description
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin Shipping Servientrega Woocommerce Arbitrary File Upload (2.0.3)
Undertow CVE-2022-4492 Vulnerability (CVE-2022-4492)
WordPress Plugin External 'Video for Everybody' Cross-Site Scripting (2.0)
LimeSurvey Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2018-1000658)
WordPress Plugin Ultimate Affiliate Pro Multiple Cross-Site Scripting Vulnerabilities (3.6)