Lucene search
MitreCVELIST:CVE-2020-12461HistoryApr 29, 2020 - 4:14 p.m.
CVE-2020-12461
2020-04-2916:14:26
mitre
www.cve.org
1
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.
References
github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822
github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2
github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d
github.com/php-fusion/PHP-Fusion/issues/2308
hackmd.io/lq7nA3ISSoeiGjiHVn5CoA
Related
prion
prion
Sql injection
2020-04-29 17:15:00
cve
cve
CVE-2020-12461
2020-04-29 17:15:12
nvd
nvd
CVE-2020-12461
2020-04-29 17:15:12
openvas
openvas
PHP-Fusion < 9.03.60 Multiple Vulnerabilities
2020-05-11 00:00:00