Vulnerabilities > CVE-2005-3159

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

nessus

exploit available

NVD

Published: 2005-10-06

Updated: 2024-02-14

Summary

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.

Vulnerable Configurations

Part	Description	Count
Application	Php_Fusion PHP Fusion PHP Fusion 4.01 PHP Fusion PHP Fusion 6.0.105 PHP Fusion PHP Fusion 4.00 PHP Fusion PHP Fusion 6.0.106 PHP Fusion PHP Fusion 5.0 PHP Fusion PHP Fusion 5.01_Service_Pack	6

Exploit-Db

description	PHP-Fusion 4.0/5.0/6.0 Messages.PHP SQL Injection Vulnerability. CVE-2005-3159. Webapps exploit for php platform
id	EDB-ID:26102
last seen	2016-02-03
modified	2005-08-06
published	2005-08-06
reporter	almaster
source	https://www.exploit-db.com/download/26102/
title	PHP-Fusion 4.0/5.0/6.0 Messages.PHP SQL Injection Vulnerability

Nessus

NASL family	CGI abuses
NASL id	PHP_FUSION_BBCODE_COLOR_XSS.NASL
description	According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities : - SQL Injection Vulnerability The application fails to sanitize user-supplied input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	19311
published	2005-07-29
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/19311
title	PHP-Fusion <= 6.00.106 Multiple Vulnerabilities
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(19311); script_version("1.23"); script_cvs_date("Date: 2018/11/15 20:50:18"); script_cve_id("CVE-2005-2401", "CVE-2005-3159"); script_bugtraq_id(14332, 14489); script_name(english:"PHP-Fusion <= 6.00.106 Multiple Vulnerabilities"); script_summary(english:"Checks version of PHP-Fusion"); script_set_attribute( attribute:"synopsis", value: "The remote web server hosts an application that is affected by multiple vulnerabilities." ); script_set_attribute( attribute:"description", value: "According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities : - SQL Injection Vulnerability The application fails to sanitize user-supplied input to the 'msg_view' parameter of the 'messages.php' script before using it in database queries. Exploitation requires that an attacker first authenticate and that PHP's 'magic_quotes_gpc' be disabled. - HTML Injection Vulnerability An attacker can inject malicious CSS (Cascading Style Sheets) codes through [color] tags, thereby affecting how the site is rendered whenever users view specially crafted posts." ); script_set_attribute(attribute:"see_also", value:"https://www.php-fusion.co.uk/infusions/news/news.php?readmore=244" ); script_set_attribute(attribute:"see_also", value:"https://www.php-fusion.co.uk/infusions/news/news.php?readmore=247" ); script_set_attribute( attribute:"solution", value: "Upgrade to PHP-Fusion 6.00.107 or later or apply the patches in the vendor's advisories referenced above." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No exploit is required"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990); script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/29"); script_set_attribute(attribute:"vuln_publication_date", value:"2005/07/20"); script_set_attribute(attribute:"patch_publication_date", value:"2005/08/15"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:php_fusion:php_fusion"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc."); script_dependencies("php_fusion_detect.nasl"); script_exclude_keys("Settings/disable_cgi_scanning"); script_require_ports("Services/www", 80); script_require_keys("www/PHP", "www/php_fusion"); exit(0); } include("global_settings.inc"); include("misc_func.inc"); include("http.inc"); include("webapp_func.inc"); include("audit.inc"); port = get_http_port(default:80, php:TRUE); # Test an install. install = get_install_from_kb( appname : "php_fusion", port : port, exit_on_fail : TRUE ); dir = install["dir"]; ver = install["ver"]; if (ver =~ "^([45][.,]\|6[.,]00[.,](0\|10[0-6]))") { security_warning(port); set_kb_item(name: 'www/'+port+'/XSS', value: TRUE); set_kb_item(name: 'www/'+port+'/SQLInjection', value: TRUE); exit(0); } else audit(AUDIT_WEB_APP_NOT_AFFECTED, "PHP-Fusion", build_url(qs:dir, port:port), ver);

Vulnerabilities > CVE-2005-3159 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2005-3159"}]}

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References

Vulnerabilities > CVE-2005-3159