Published: 23/04/2008 Updated: 29/09/2017

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 610

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
php-fusion php-fusion 6.01.14
php-fusion php-fusion 6.00.307

#!/usr/bin/python """ #=================================================================================================# # ____ __________ __ ____ __ # # /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ # # | |/ ...

#!/usr/bin/perl -w # ------------------------------------------------------- # PHP-Fusion <= 7002 Remote Blind SQL Injection Exploit # by athos - staker[at]hotmail[dot]it # download on php-fusioncouk # ------------------------------------------------------- # Usage: # perl xplpl host/path prefix user_id user_pwd target_id # perl xpl ...

CWE-89 http://www.php-fusion.co.uk/news.php http://www.securityfocus.com/bid/28855 http://secunia.com/advisories/29930 http://osvdb.org/51052 http://secunia.com/advisories/33295 http://www.vupen.com/english/advisories/2008/1318/references https://exchange.xforce.ibmcloud.com/vulnerabilities/47610 https://exchange.xforce.ibmcloud.com/vulnerabilities/41914 https://www.exploit-db.com/exploits/7576 https://www.exploit-db.com/exploits/5470 https://nvd.nist.gov https://www.exploit-db.com/exploits/5470/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-1918

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect