vendor: FusionBB
by: SecurityFocus
CVSS: 8.8 (HIGH)
Local File Include and SQL Injection
CWE: 94, 89
Product Name: FusionBB
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: No
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

FusionBB Multiple Vulnerabilities

FusionBB is vulnerable to a local file include vulnerability and multiple SQL injection vulnerabilities. The local file include vulnerability allows an attacker to execute arbitrary server-side script code with the privileges of the web server process. The SQL injection vulnerabilities can result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/13939/info

FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input.

The following specific vulnerabilities were identified:

The application is affected by a local file include vulnerability. The attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

FusionBB is prone to multiple SQL injection vulnerabilities as well. These vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

Cookie: bb_session_id=' or user_id = '1; bb_uid=1;
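
The mitigation above, applied to the session cookie from the raw data, as an added example that is not FusionBB's code or part of the original advisory: a session lookup built by string concatenation beside one that validates the token and binds it as a parameter. The table layout, the 32-hex-digit token format, the sample rows and all function names are assumptions made for the illustration, and SQLite stands in for the application's database.

```python
import re
import sqlite3

# Constructed schema and rows: FusionBB's real tables and queries are not on the page.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE sessions (session_id TEXT PRIMARY KEY, user_id TEXT)")
    db.executemany("INSERT INTO sessions VALUES (?, ?)", [
        ("9f2c1e7ab04d4c55a1b2c3d4e5f60718", "1"),
        ("0a1b2c3d4e5f60718293a4b5c6d7e8f9", "42"),
    ])
    return db

def parse_cookie(header):
    """Split on ';' only, so quotes and spaces inside a value reach the caller intact."""
    pairs = {}
    for part in header.split(";"):
        name, sep, value = part.strip().partition("=")
        if sep:
            pairs[name] = value
    return pairs

def lookup_concat(db, sid):
    """Weak form: the cookie value becomes part of the SQL text."""
    sql = "SELECT user_id FROM sessions WHERE session_id = '" + sid + "'"
    row = db.execute(sql).fetchone()
    return row[0] if row else None

SESSION_ID = re.compile(r"[0-9a-f]{32}")  # assumed token format

def lookup_bound(db, sid):
    """Corrected form: reject malformed tokens, then bind the value as data."""
    if not SESSION_ID.fullmatch(sid):
        return None
    row = db.execute(
        "SELECT user_id FROM sessions WHERE session_id = ?", (sid,)
    ).fetchone()
    return row[0] if row else None

# Cookie header value quoted in the advisory.
ADVISORY_COOKIE = "bb_session_id=' or user_id = '1; bb_uid=1;"

if __name__ == "__main__":
    db = make_db()
    sid = parse_cookie(ADVISORY_COOKIE)["bb_session_id"]
    print("concatenated:", lookup_concat(db, sid))  # "1": the quote rewrote the WHERE clause
    print("bound:", lookup_bound(db, sid))          # None: rejected before reaching the query
```

The format check is defence in depth; the bound parameter alone already keeps the quote characters from changing the query.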