Vulnerability Assessment & Network Security Forums



If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.


Home >> Browse Vulnerability Assessment Database >> CGI abuses >> PHP-Fusion <= 6.00.106 Multiple Vulnerabilities


Vulnerability Assessment Details

PHP-Fusion <= 6.00.106 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks for multiple vulnerabilities in PHP-Fusion <= 6.00.106

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains several PHP scripts that suffer from SQL
injection and cross-site scripting flaws.

Description :

According to its banner, the remote host is running a version of
PHP-Fusion that suffers from multiple vulnerabilities :

- SQL Injection Vulnerability
The application fails to sanitize user-supplied input to the
'msg_view' parameter of the 'messages.php' script before
using it in database queries. Exploitation requires that an
attacker first authenticate.

- HTML Injection Vulnerability
A possible hacker can inject malicious CSS (Cascading Style Sheets)
codes through [color] tags, thereby affecting how the site is
rendered whenever users view specially-crafted posts.

See also :

http://secure4arab.com/forum/showthread.php?t=3506

Solution :

Upgrade to PHP-Fusion 6.00.107 or later.

Network Security Threat Level:

Low / CVSS Base Score : 2
(AV:R/AC:L/Au:NR/C:P/A:N/I:N/B:N)

Networks Security ID: 14332, 14489

Vulnerability Assessment Copyright: This script is Copyright (C) 2005 Tenable Network Security

Cables, Connectors


** Intel i3 10100F CPU Processor - USED  ** picture

** Intel i3 10100F CPU Processor - USED **

$47.99



Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc... picture

Intel - Core i9-14900K 14th Gen 24-Core 32-Thread - 4.4GHz (6.0GHz Turbo) Soc...

$533.99



Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used picture

Dell Intel® Xeon® Processor E5-2698 v4 Lightly Used

$64.00



AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed  picture

AMD Ryzen 7 7800X3D Processor (5 GHz, 8 Cores, Socket AM5), New /Sealed

$309.99



AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) Box -... picture

AMD Ryzen 5 7600x Processor (5.3 GHz, 6 Cores, LGA 1718/Socket AM5) Box -...

$165.00



AMD Ryzen 5 7600X - 6-Core 4.7 GHz Socket AM5 105W Desktop CPU Processor picture

AMD Ryzen 5 7600X - 6-Core 4.7 GHz Socket AM5 105W Desktop CPU Processor

$197.98



AMD Ryzen 9 7950x Processor (5.7 GHz, 16 Cores, LGA 1718/Socket AM5)  picture

AMD Ryzen 9 7950x Processor (5.7 GHz, 16 Cores, LGA 1718/Socket AM5)

$340.00



SR1XP Intel Xeon E5-2680 v3 12 Core 30MB 2.5GHz LGA 2011-3 Grade A Processor picture

SR1XP Intel Xeon E5-2680 v3 12 Core 30MB 2.5GHz LGA 2011-3 Grade A Processor

$3.96



Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV picture

Intel Xeon E5-2697 v4 2.3GHz 18-Core Processor CPU LGA2011 SR2JV

$49.99



AMD Ryzen 7 5700G Processor (4.6 GHz, 8 Core, 16 thread, Socket AM4) with cooler picture

AMD Ryzen 7 5700G Processor (4.6 GHz, 8 Core, 16 thread, Socket AM4) with cooler

$120.00



Discussions

No Discussions have been posted on this vulnerability.