Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and previous versions uses the extract function on the superglobals, which allows remote malicious users to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
php fusion php fusion 6.0.105 |
||
php fusion php fusion 6.0.106 |
||
php fusion php fusion 6.0.306 |
||
php fusion php fusion 6.0.307 |
||
php fusion php fusion 6.0.110 |
||
php fusion php fusion 6.0.204 |
||
php fusion php fusion 6.0.206 |
||
php fusion php fusion 6.0.107 |
||
php fusion php fusion 6.0.109 |
||
php fusion php fusion |
||
php fusion php fusion 6.0.303 |
||
php fusion php fusion 6.0.304 |