CVE-2006-4673

2006-09-11T16:04:00
ID CVE-2006-4673
Type cve
Reporter cve@mitre.org
Modified 2017-07-20T01:33:00

Description

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled. This vulnerability is addressed in the following product release: PHP-Fusion, PHP_Fusion, 6.01.5