7 matches found
PHP-Fusion 4.01 'readmore.php' SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/30680/info PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise th...
PHP-Fusion 4.01 SQL Injection
Exploit Title: PHP-Fusion v4.01 SQL INJECTION Vulnerabilities Date: 17/05/2010 Author: Ma3sTr0-Dz Software Link: http://www.php-fusion.co.uk Version: 4.01 CVE : N/A Code : exploit code =======================================================PHP-Fusion v4.01 SQL INJECTION...
Sql injection
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the newsid parameter...
CVE-2008-5946
The CVE-2008-5946 entry concerns a SQL injection in PHP-Fusion 4.01’s readmore.php, exploitable via the news_id parameter. Affected software/component: PHP-Fusion 4.01 (readmore.php). Root cause: unsafely constructed SQL when handling news_id enables arbitrary SQL execution. Impact: remote attack...
CVE-2004-2438
PHP-Fusion 4.01 is affected by a cross-site scripting (XSS) vulnerability that allows remote attackers to inject arbitrary web script or HTML via the Submit News, Submit Link, or Submit Article fields. The CVE-2004-2438 entry documents this XSS issue across multiple input points but provides limi...
CVE-2004-2438
Cross-site scripting XSS vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the 1 Submit News, 2 Submit Link or 3 Submit Article field...
CVE-2004-2437
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to 1 index.php or 2 members.php, or 3 the commentid parameter to comments.php...