CVE-2009-4796

Published: 22/04/2010 Updated: 10/10/2018
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.

Vulnerable Product

glfusion glfusion

glfusion glfusion 1.1.0

glfusion glfusion 1.1.1

glfusion glfusion 1.0.0

glfusion glfusion 1.0.1

Exploits

<?php /* glFusion <= 112 COM_applyFilter()/order sql injection exploit by Nine:Situations:Group::bookoo working against Mysql >= 41 phpini independent our site: retrogodaltervistaorg/ software site: wwwglfusionorg/ google dork: "Page created in" "seconds by g ...