VID 21387
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description According to its version number, the PHP-Fusion installation has a SQL injection vulnerability.
PHP-Fusion is a freely available PHP-based content management system (CMS) that uses a MySQL backend database. PHP-Fusion version 4.01 and possibly earlier versions are vulnerable to SQL injection because the application fails to properly sanitize user-supplied input. By sending a specially crafted request containing embedded SQL commands in the 'rowstart' parameter of the 'members.php' script or the 'comment_id' parameter of the 'comments.php' script, a remote authenticated attacker could execute arbitrary code on the system, including adding, modifying or deleting data in the backend database.

* Note: This check relies solely on the version number of the PHP-Fusion installation on the remote web server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=10437
http://www.osvdb.org/displayvuln.php?osvdb_id=10438
http://www.osvdb.org/displayvuln.php?osvdb_id=10439

* Platforms Affected:
digitanium, PHP-Fusion 4.01 and possibly prior
Any operating system Any version
Recommendation No upgrade or patch available as of October 2004.

Upgrade to a new version of PHP-Fusion that fixes this problem when one becomes available from the PHP-Fusion Web site at http://sourceforge.net/projects/php-fusion/
Related URL CVE-2004-2437 (CVE)
Related URL 11296 (SecurityFocus)
Related URL 17546 (ISS)