CVE-2006-4673
The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...