Vulnerabilities > CVE-2005-1596 - Unspecified vulnerability in Fusion SBX
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
index.php in Fusion SBX 1.2 and earlier does not properly use the extract function, which allows remote attackers to bypass authentication by setting the is_logged parameter or execute arbitrary code via the maxname2 parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://secunia.com/advisories/15257
- http://secunia.com/advisories/15257
- http://www.exploits.co.in/Article1134.html
- http://www.exploits.co.in/Article1134.html
- http://www.osvdb.org/16216
- http://www.osvdb.org/16216
- http://www.osvdb.org/16217
- http://www.osvdb.org/16217
- http://www.securiteam.com/exploits/5OP042KFPU.html
- http://www.securiteam.com/exploits/5OP042KFPU.html
- http://www.vupen.com/english/advisories/2005/0508
- http://www.vupen.com/english/advisories/2005/0508
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20531
- https://exchange.xforce.ibmcloud.com/vulnerabilities/20531