| VID |
21656 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
A version of PHP-Fusion older than 6.00.106 was detected running on the host. PHP-Fusion is a freely available content management system (CMS) written in PHP which uses MySQL. PHP-Fusion versions 6.00.105 and earlier are affected by two vulnerabilities, which can be exploited by a remote attacker to conduct script insertion attacks or disclose sensitive information.
1) Input passed to the "news_body", "article_description", and "article_body" parameters in "submit.php" is not properly sanitized before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in the context of an affected site when the malicious user data is viewed.
2) Missing access control restrictions on the "administration/db_backups/" directory make it possible to retrieve the database backup files containing users' password hashes.
* Note: This check relies solely on the version number of the PHP-Fusion installation on the remote Web server to assess this vulnerability, so the result may be a false positive.
* References: http://dark-assassins.com/forum/viewtopic.php?t=142 http://dark-assassins.com/forum/viewtopic.php?t=145 http://secunia.com/advisories/15830 http://www.frsirt.com/english/advisories/2005/0888
* Platforms Affected: digitanium, PHP-Fusion versions 6.00.105 and earlier; any operating system, any version |
| Recommendation |
Upgrade to the latest version of PHP-Fusion (6.00.106, dated July 1, 2005, or later), available from the PHP-Fusion Web page: http://sourceforge.net/projects/php-fusion/ |
| Related URL |
CVE-2005-2074, CVE-2005-2075 (CVE) |
| Related URL |
14066 (SecurityFocus) |
| Related URL |
(ISS) |
|