PHP-Fusion faq.php cat_id Variable SQL Injection

2005-10-06T04:45:44
ID OSVDB:19867
Type osvdb
Reporter Andreas Sandblad(as@secunia.com)
Modified 2005-10-06T04:45:44

Description

Vulnerability Description

PHP-Fusion contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'faq.php' script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

Solution Description

Upgrade to version 6.00.110 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

PHP-Fusion contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'faq.php' script not properly sanitizing user-supplied input to the 'cat_id' variable. This may allow a remote attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://www.php-fusion.co.uk/ Security Tracker: 1015013 Secunia Advisory ID:17055 Related OSVDB ID: 19866 Other Advisory URL: http://secunia.com/secunia_research/2005-52/advisory/ Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0130.html ISS X-Force ID: 22532 Bugtraq ID: 15018