Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

PHP-Fusion <= 6.00.106 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.106

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains several PHP scripts that suffer from SQL
injection and cross-site scripting flaws.

Description :

According to its banner, the remote host is running a version of
PHP-Fusion that suffers from multiple vulnerabilities :

- SQL Injection Vulnerability
The application fails to sanitize user-supplied input to the
'msg_view' parameter of the 'messages.php' script before
using it in database queries. Exploitation requires that an
attacker first authenticate.

- HTML Injection Vulnerability
An attacker can inject malicious CSS (Cascading Style Sheets)
code through [color] tags, thereby affecting how the site is
rendered whenever users view specially-crafted posts.
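
The two input-handling fixes these findings call for, as an added PHP example: it is not PHP-Fusion's code and not the change made in 6.00.107. The function names, the `messages` table and its columns, and the use of PDO are assumptions made for illustration.

```php
<?php
// Added illustration; hypothetical helpers, not PHP-Fusion source code.

// 'msg_view' is treated here as a numeric message id (assumption):
// accept a short run of digits and nothing else.
function parse_msg_id($raw): ?int
{
    if (!is_string($raw) || !preg_match('/^[0-9]{1,9}$/', $raw)) {
        return null; // caller should reject the request
    }
    return (int) $raw;
}

// Bind the id as a parameter instead of concatenating it into the SQL text.
// Table and column names are assumed. Scoping by recipient also limits an
// authenticated user to their own messages.
function fetch_message(PDO $db, int $msgId, int $userId)
{
    $stmt = $db->prepare(
        'SELECT subject, body FROM messages WHERE id = :id AND recipient = :uid'
    );
    $stmt->execute([':id' => $msgId, ':uid' => $userId]);
    return $stmt->fetch(PDO::FETCH_ASSOC); // array, or false if no row
}

// Render [color=...] tags with an allowlist on the value: a hex colour or a
// plain alphabetic colour name. Anything else (semicolons, url(), extra CSS
// properties) fails the check and the tag is dropped while its text is kept.
function render_color_tags(string $text): string
{
    $safe = htmlspecialchars($text, ENT_QUOTES, 'UTF-8'); // escape HTML first
    return preg_replace_callback(
        '/\[color=([^\]]{1,40})\](.*?)\[\/color\]/is',
        function (array $m): string {
            if (preg_match('/^(#[0-9a-f]{3}|#[0-9a-f]{6}|[a-z]{3,20})$/i', $m[1])) {
                return '<span style="color:' . $m[1] . '">' . $m[2] . '</span>';
            }
            return $m[2];
        },
        $safe
    );
}

// Constructed sample inputs.
var_dump(parse_msg_id('42'));         // int(42)
var_dump(parse_msg_id('42 OR 1=1'));  // NULL
echo render_color_tags('[color=#ff0000]ok[/color]'), "\n";
echo render_color_tags('[color=red;position:fixed]dropped[/color]'), "\n";
```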

See also :

http://secure4arab.com/forum/showthread.php?t=3506

Solution :

Upgrade to PHP-Fusion 6.00.107 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 14332, 14489

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security
