header-logo
Suggest Exploit
vendor:
PHP-Fusion
by:
Not mentioned
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-Fusion
Affected Version From: All versions of PHP-Fusion
Affected Version To: Not mentioned
Patch Exists: NO
Related CWE: Not mentioned
CPE: Not mentioned
Metasploit:
Other Scripts:
Platforms Tested: Not mentioned
Not mentioned

SQL Injection vulnerability in PHP-Fusion

The PHP-Fusion application fails to sanitize user-supplied data before using it in an SQL query. This allows an attacker to inject SQL statements into the application, potentially compromising the system and gaining unauthorized access to or modifying data. The attacker could also exploit any latent vulnerabilities in the underlying database.

Mitigation:

To mitigate this vulnerability, it is recommended to implement proper input validation and parameterized queries or prepared statements to prevent SQL injection attacks. Regularly updating the PHP-Fusion application to the latest version is also advised.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/47128/info

PHP-Fusion is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.

Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. 

http://www.example.com/[Path]/articles.php?article_id=-1+union+select+version()--

Navigation

Suggest Exploit

Services By CQR