Test Kennung:	1.3.6.1.4.1.25623.1.0.200010
Kategorie:	Web application abuses
Titel:	PHP-Fusion <= 6.00.206 Forum SQL Injection Vulnerability
Zusammenfassung:	A vulnerability is reported in the forum module of PHP-Fusion; 6.00.206 and some early released versions.
Beschreibung:	Summary: A vulnerability is reported in the forum module of PHP-Fusion 6.00.206 and some early released versions. Vulnerability Insight: The failure exists because the application does not properly sanitize user-supplied input in 'options.php' and 'viewforum.php' before using it in the SQL query, and magic_quotes_gpc is set to off. Vulnerability Impact: When the forum module is activated, a registered user can execute arbitrary SQL injection commands. Solution: Apply the patch from the php-fusion main site. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Querverweis:	BugTraq ID: 15502 Common Vulnerability Exposure (CVE) ID: CVE-2005-3740 http://www.securityfocus.com/bid/15502 Bugtraq: 20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0232.html Bugtraq: 20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0237.html http://myblog.it-security23.net/advisories/advisory-6.txt http://www.osvdb.org/20991 http://www.osvdb.org/20992 http://secunia.com/advisories/17664 http://www.vupen.com/english/advisories/2005/2504
Copyright	Copyright (C) 2008 Ferdy Riphagen

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.