TITLE: PHP-Fusion "maincore.php" SQL Injection Vulnerability
SECUNIA ADVISORY ID: SA21830
VERIFY ADVISORY: http://secunia.com/advisories/21830/
CRITICAL: Moderately critical
IMPACT: Manipulation of data
WHERE: >From remote
SOFTWARE: PHP-Fusion 6.x - http://secunia.com/product/5291/
DESCRIPTION: A vulnerability has been reported in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused due to an error within the super globals extraction in maincore.php, which can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" is disabled.
SOLUTION: Update to version 6.01.5. - http://www.php-fusion.co.uk/downloads.php
PROVIDED AND/OR DISCOVERED BY: rgod
PHP-Fusion *maincore.php* SQL Injection VulnerabilityPosted on Friday, September 08, 2006 @ 12:32:35 UTC in Security |
Related
![[Valid RSS]](https://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
