Advertisement






PHP-Fusion Two SQL Injection Vulnerabilities

CVE Category Price Severity
Author Risk Exploitation Type Date
Our sensors found this exploit at: http://cxsecurity.com/ascii/WLB-2005100014

Below is a copy:

======================================================================

Secunia Research 06/10/2005

- PHP-Fusion Two SQL Injection Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerabilities.......................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

PHP-Fusion 6.00.109

Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Manipulation of data
Where:  Remote

======================================================================
3) Vendor's Description of Software

A light-weight open-source content management system (CMS) written 
in PHP.

Product link:
http://www.php-fusion.co.uk/

======================================================================
4) Description of Vulnerabilities

Secunia Research has discovered two vulnerabilities in PHP-Fusion, 
which can be exploited by malicious people to conduct SQL injection 
attacks.

Input passed to the "activate" parameter in "register.php" and the 
"cat_id" parameter in "faq.php" isn't properly sanitised before being 
used in a SQL query. This can be exploited to manipulate SQL queries 
by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerabilities have been confirmed in version 6.00.109. Other 
versions may also be affected.

======================================================================
5) Solution

Update to version 6.00.110.
http://www.php-fusion.co.uk/downloads.php?cat_id=3

======================================================================
6) Time Table

04/10/2005 - Vulnerabilities discovered.
05/10/2005 - Vendor notified.
05/10/2005 - Vendor confirms vulnerabilities.
06/10/2005 - Public disclosure.

======================================================================
7) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-52/advisory/

======================================================================

Copyright ©2024 Exploitalert.

This information is provided for TESTING and LEGAL RESEARCH purposes only.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use and Privacy Policy and Impressum