PHP-Fusion Database Multiple Vulnerabilities
High Nessus Network Monitor Plugin ID 2352
Synopsis: The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue.
Description: The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue. In versions up to and including 4.01, an attacker may be able to manipulate and obtain potentially confidential data. There is also a flaw in the way that this version of PHP-Fusion handles upload code. An attacker exploiting this flaw would be able to upload malicious code that would then be run by unsuspecting web users. Finally, there is a flaw in the way that PHP-Fusion handles user-supplied input via the forum_search.php script. An attacker can potentially read confidential data from protected areas of the server.
Solution: Upgrade or patch according to vendor recommendations.