PHP-Fusion Multiple Submit Field XSS

2004-09-30T07:41:37
ID OSVDB:10439
Type osvdb
Reporter r0ut3r()
Modified 2004-09-30T07:41:37

Description

Vulnerability Description

PHP-Fusion contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "Submit News", "Submit Link", and "Submit Article" input fields are not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Edit the source code and provide proper input validation and cleansing.

References:

Vendor URL: http://sourceforge.net/projects/php-fusion/
Secunia Advisory ID: 12686
Related OSVDB ID: 10437
Related OSVDB ID: 10438
ISS X-Force ID: 17548
CVE-2004-2438
Bugtraq ID: 11296