Detections
Analytics
PHP-Fusion < 6.00.110 Multiple Scripts SQL Injection
medium Nessus Plugin ID 20009
Language:
Synopsis
The remote host contains several PHP scripts that are vulnerable to SQL injection flaws.Description
The remote version of this software is vulnerable to multiple SQL injection attacks due to its failure to properly sanitize certain parameters. Provided PHP's 'magic_quotes_gpc' setting is disabled, these flaws allow an attacker to manipulate database queries, which may result in the disclosure or modification of data.Solution
Update to at least version 6.00.110 of PHP-Fusion.See Also
https://seclists.org/bugtraq/2005/Oct/51
https://secuniaresearch.flexerasoftware.com/secunia_research/2005-52/advisory
Plugin Details
Severity: Medium
ID: 20009
File Name: php_fusion_6_00_110.nasl
Version: 1.20
Type: remote
Family: CGI abuses
Published: 10/12/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.6
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5.9
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: cpe:/a:php_fusion:php_fusion
Required KB Items: www/php_fusion
Exploit Ease: No exploit is required
Patch Publication Date: 10/5/2005
Vulnerability Publication Date: 7/28/2005
Reference Information
CVE: CVE-2005-3157, CVE-2005-3158, CVE-2005-3160, CVE-2005-3161