
PHP-Fusion Database Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue.

Description

The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue. In versions up to and including 4.01, an attacker may be able to manipulate and obtain potentially confidential data. In addition, there is a flaw in the way that this version of PHP-Fusion handles upload code. An attacker exploiting this flaw would be able to upload malicious code that would then be run by unsuspecting web users. Finally, there is a flaw in the way that PHP-Fusion handles user-supplied input via the forum_search.php script. An attacker can potentially read confidential data from protected areas of the server.

Solution

Upgrade or patch according to vendor recommendations.