vendor:
PHP-fusion
by:
Saif El-Sherei
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: PHP-fusion
Affected Version From: PHP-fusion 7.01..03
Affected Version To: PHP-fusion 7.01..03
Patch Exists: NO
Related CWE: N/A
CPE: a:php-fusion:php-fusion
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Firefox 3.0.15, IE 8
2010
PHP-fusion Team Structure Infusion (All versions) SQL injection
The 'team_id' variable is not sanitized before using in SQL query in 'team.php', allowing an attacker to elevate the attack to bypass PHP-Fusion's GET variable XSS filter by using back-ticks instead of brackets used in any php function in that case shell_exec(). The attack can be further escalated by writing a malicious file to the server.
Mitigation:
Ensure that all user-supplied input is properly sanitized before being used in SQL queries.