SQL Injection Vulnerabilities in PHP-Fusion by PHP-Fusion
CVE-2014-8596

Currently unrated

Key Information:

Vendor: PHP-fusion
Status: PHP-fusion
Vendor: CVE Published:; 17 November 2014

What is CVE-2014-8596?

PHP-Fusion versions prior to 7.02.07 contain multiple SQL injection vulnerabilities that enable remote authenticated users to manipulate database queries. Specifically, attackers can exploit the 'submit_id' parameter in the submissions administrative interface or the 'status' parameter in the members administrative interface to execute arbitrary SQL commands. This can lead to unauthorized data access and manipulation, emphasizing the need for updated security measures in web applications.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/98583

vdb-entryx_refsource_XF

http://packetstormsecurity.com/files/133869/PHP-Fusion-7....

x_refsource_MISC

http://osvdb.org/show/osvdb/112419

vdb-entryx_refsource_OSVDB

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 17, 2014
Vulnerability Reserved
Nov 4, 2014

PHP-fusion

What is CVE-2014-8596?

References

Timeline