CVE-2006-4673

Published: 11/09/2006 Updated: 20/07/2017
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 265
Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Summary

maincore.php in PHP-Fusion 6.01.4 and previous versions uses the extract function on the superglobals, creating a global variable overwrite vulnerability that allows remote malicious users to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.

Vulnerable Product

php fusion php fusion 6.0.105

php fusion php fusion 6.0.106

php fusion php fusion 6.0.306

php fusion php fusion 6.0.307

php fusion php fusion 6.0.110

php fusion php fusion 6.0.204

php fusion php fusion 6.0.206

php fusion php fusion 6.0.107

php fusion php fusion 6.0.109

php fusion php fusion

php fusion php fusion 6.0.303

php fusion php fusion 6.0.304

Exploits

source: www.securityfocus.com/bid/19908/info

PHP-Fusion is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the unde ...