header-logo
Suggest Exploit
vendor:
PHP-Fusion
by:
SecurityFocus
4.3
CVSS
MEDIUM
Information Disclosure
200
CWE
Product Name: PHP-Fusion
Affected Version From: PHP-Fusion 4
Affected Version To: PHP-Fusion 4
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

PHP-Fusion Information Disclosure Vulnerability

PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input. It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable.

Mitigation:

Input validation should be used to ensure that user-supplied input is properly sanitized.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12482/info

PHP-Fusion is reportedly affected by an information disclosure vulnerability. This issue is due to the application failing to properly sanitize user-supplied input.

It is reported that an attacker could leverage this vulnerability to view any thread of protected forums on an affected version of the application. All PHP-Fusion 4 versions are reportedly affected by this vulnerability; earlier versions may also be vulnerable. 

http://www.example.com/fusion_forum/viewthread.php?forum_id=10000&forum_cat=100000&thread_id=2

Navigation

Suggest Exploit

Services By CQR