Multiple SQL Injection Vulnerabilities in PHP-Fusion by PHP-Fusion
CVE-2013-1803

Currently unrated

Key Information:

Vendor

PHP-fusion

Status
PHP-fusion
Vendor
CVE Published:
5 May 2014

What is CVE-2013-1803?

Multiple SQL injection vulnerabilities exist in versions of PHP-Fusion prior to 7.02.06. These vulnerabilities allow remote attackers to run arbitrary SQL commands through various parameters in several scripts. Specifically, the vulnerabilities can be exploited via parameters related to file downloads, forum actions, and administrative settings, compromising the integrity and security of affected installations. Proper user input validation and parameter sanitization are essential to mitigate these risks.

References

http://www.waraxe.us/advisory-97.html
x_refsource_MISC
http://osvdb.org/show/osvdb/90714
vdb-entryx_refsource_OSVDB
http://www.openwall.com/lists/oss-security/2013/03/03/2
mailing-listx_refsource_MLIST

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.