VID |
21669 |
Severity |
30 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of PHP-Fusion older than 6.00.107 was detected running on the host. PHP-Fusion is a freely available content management system (CMS) written in PHP which uses MySQL. PHP-Fusion versions 6.00.106 and earlier are affected by two vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting or SQL injection attacks.
1) HTML Injection Vulnerability: Input passed to the BBcode "color" tag is not properly verified before being used in a post. This can be exploited to inject certain CSS (Cascading Style Sheets) code, which will be rendered in a user's browser session in the context of an affected site when the malicious post is viewed.
2) SQL Injection Vulnerability: Input passed to the "msg_view" parameter of the "messages.php" code library isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Exploitation requires that an attacker first authenticate.
* Note: This check relies solely on the version number of the PHP-Fusion installation on the remote Web server to assess this vulnerability, so the result might be a false positive.
* References: http://secunia.com/advisories/16096 http://www.osvdb.org/displayvuln.php?osvdb_id=18111
* Platforms Affected: digitanium, PHP-Fusion versions 6.00.106 and earlier; any operating system, any version |
Recommendation |
No upgrade or patch was available as of August 2005.
Upgrade to the latest version of PHP-Fusion when a fixed version becomes available from the PHP-Fusion Web page: http://sourceforge.net/projects/php-fusion/ |
Related URL |
CVE-2005-2401 (CVE) |
Related URL |
14332,14489 (SecurityFocus) |
Related URL |
(ISS) |
|