Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

PHP-Fusion Database Multiple Vulnerabilities

High

Synopsis

The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue.

Description

The remote host is running a version of PHP-Fusion that is prone to a SQL injection issue. In versions prior to and including 4.01, an attacker may be able to manipulate and obtain potentially confidential data. In addition, there is also a flaw in the way that this version of PHP-Fusion handles upload code. An attacker exploiting this flaw would be able to upload malicious code that would then be run by unsuspecting web users. Finally, there is a flaw in the way that PHP-Fusion handles user-supplied input via the forum_search.php script. An attacker can potentially read confidential data from protected areas of the server.

Solution

Upgrade or patch according to vendor recommendations.