33 matches found
Information disclosure
Group-Office before 2.16-13 does not properly validate user IDs, which allows remote attackers to obtain sensitive information via certain requests for (1) message.php and (2) messages.php in modules/email/. NOTE: some of these details are obtained from third party information...
CVE-2006-3241
Cross-site scripting (XSS) vulnerability in messages.php in XennoBB 1.0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the tid parameter...
SQL injection
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srchwhere parameter...
CVE-2006-2459
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srchwhere parameter...
CVE-2005-4005
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srchtext parameter in a Search and Sort option to messages.php...
PHP-Fusion v6.00.109 SQL Injection and Info. Disclosure
In the latest version of PHP-Fusion, the content management system by Digitanium (php-fusion.co.uk), there is an SQL Error in messages.php that reveals path names and a table name, and someone could possibly manipulate the SQL database. The error is as follows; it is with the Search and Sort option...
CVE-2005-3877
Multiple SQL injection vulnerabilities in Simple Document Management System (SDMS) 2.0-CVS and earlier allow remote attackers to execute arbitrary SQL commands via the (1) folderid parameter in list.php and (2) mid parameter in a view action to messages.php...
CVE-2005-3159
CVE-2005-3159 is a SQL injection vulnerability in PHP-Fusion, specifically in messages.php where the msg_view parameter can be exploited to execute arbitrary SQL. It is described as a different vulnerability from CVE-2005-3157 and CVE-2005-3158, and is rated HIGH (CVSS v2 base score 7.5) with net...
PT-2005-3982 · Php Fusion · Php-Fusion
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158...
PHP-Fusion 4.0/5.0/6.0 - messages.php SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in ...
PHP-Fusion 4.0/5.0/6.0 - 'messages.php' SQL Injection
source: https://www.securityfocus.com/bid/14489/info PHP-Fusion is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input to the 'messages.php' script before using it in an SQL query. Successful exploitation could result...