Vulnerabilities > CVE-2005-4005 - SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.109

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
php-fusion
exploit available
NVD
Published: 2005-12-05
Updated: 2011-03-08

Summary

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.

Vulnerable Configurations

Part Description Count
Application
Php_Fusion
1

Exploit-Db

descriptionPHP-Fusion 6.0.109 Messages.PHP SQL Injection Vulnerability. CVE-2005-4005. Webapps exploit for php platform
idEDB-ID:26706
last seen2016-02-03
modified2005-12-03
published2005-12-03
reporterNolan West
sourcehttps://www.exploit-db.com/download/26706/
titlePHP-Fusion 6.0.109 Messages.PHP SQL Injection Vulnerability

References