 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.200010 |
| Category: | Web application abuses |
| Title: | PHP-Fusion <= 6.00.206 Forum SQL Injection Vulnerability |
| Summary: | A vulnerability is reported in the forum module of PHP-Fusion; 6.00.206 and some early released versions. |
| Description: | Summary: A vulnerability is reported in the forum module of PHP-Fusion 6.00.206 and some early released versions. Vulnerability Insight: The failure exists because the application does not properly sanitize user-supplied input in 'options.php' and 'viewforum.php' before using it in the SQL query, and magic_quotes_gpc is set to off. Vulnerability Impact: When the forum module is activated, a registered user can execute arbitrary SQL injection commands. Solution: Apply the patch from the php-fusion main site. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2005-3740 BugTraq ID: 15502 http://www.securityfocus.com/bid/15502 Bugtraq: 20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0232.html Bugtraq: 20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0237.html http://myblog.it-security23.net/advisories/advisory-6.txt http://www.osvdb.org/20991 http://www.osvdb.org/20992 http://secunia.com/advisories/17664 http://www.vupen.com/english/advisories/2005/2504 |
| Copyright | Copyright (C) 2008 Ferdy Riphagen |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |