Ravens PHP Scripts

PHP-Fusion *maincore.php* SQL Injection Vulnerability
Date: Friday, September 08, 2006 @ 12:32:35 CDT
Topic: Security


TITLE: PHP-Fusion "maincore.php" SQL Injection Vulnerability

SECUNIA ADVISORY ID: SA21830

VERIFY ADVISORY: http://secunia.com/advisories/21830/

CRITICAL: Moderately critical

IMPACT: Manipulation of data

WHERE: From remote

SOFTWARE: PHP-Fusion 6.x - http://secunia.com/product/5291/

DESCRIPTION: A vulnerability has been reported in PHP-Fusion, which can be exploited by malicious people to conduct SQL injection attacks. The vulnerability is caused by an error within the super globals extraction in maincore.php, which can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled.

SOLUTION: Update to version 6.01.5. - http://www.php-fusion.co.uk/downloads.php

PROVIDED AND/OR DISCOVERED BY: rgod
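
An added triage sketch, not part of the advisory or of PHP-Fusion's code: it checks the two preconditions named in the description, plus the fixed version, against a php.ini and an installed version string. It assumes every 6.x release below 6.01.5 is affected, that the caller supplies the version string, and PHP's built-in defaults of that era when a directive is absent; the names exposed(), ini_flags() and parse_version() are hypothetical.

```python
import re

FIXED = (6, 1, 5)  # 6.01.5, the fixed release named in the advisory

# php.ini values that PHP reads as boolean true (case-insensitive).
_TRUE = {"1", "on", "yes", "true"}

# Assumption: built-in defaults when a directive is absent (PHP 4.2 to 5.3).
_DEFAULTS = {"register_globals": False, "magic_quotes_gpc": True}

# Constructed sample, not taken from a real host.
SAMPLE_INI = """\
[PHP]
register_globals = Off   ; comment after the value
magic_quotes_gpc = Off
"""


def parse_version(text):
    """'6.01.4' -> (6, 1, 4); raises ValueError on anything else."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(part) for part in text.split("."))


def ini_flags(ini_text):
    """Read the two directives from php.ini text; the last assignment wins."""
    flags = dict(_DEFAULTS)
    for line in ini_text.splitlines():
        line = line.split(";", 1)[0]            # drop ';' comments
        name, sep, value = line.partition("=")
        name = name.strip()                      # directive names are case-sensitive
        if sep and name in flags:
            flags[name] = value.strip().strip("\"'").lower() in _TRUE
    return flags


def exposed(version, ini_text):
    """True when the advisory's preconditions all hold for this install."""
    v = parse_version(version)
    flags = ini_flags(ini_text)
    affected = v[0] == 6 and v < FIXED           # assumed: all 6.x below 6.01.5
    return affected and not flags["register_globals"] and not flags["magic_quotes_gpc"]
```

The check reads php.ini text only, so per-directory overrides (for example php_flag lines in .htaccess) have to be reviewed separately.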


This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2383