CVE-2006-2459 - SQL Injection vulnerability in PHP Fusion 6.00.306/6.00.307

CVSS 6.4 - MEDIUM

Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: NONE

Tags: network, low complexity, php-fusion, exploit available

Summary

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

Vulnerable Configurations

Part: Application
Description: Php_Fusion
Count: 2

Exploit-Db

description: PHP-Fusion <= 6.00.306 (srch_where) SQL Injection Exploit. CVE-2006-2459. Webapps exploit for php platform
id: EDB-ID:1796
last seen: 2016-01-31
modified: 2006-05-16
published: 2006-05-16
reporter: rgod
source: https://www.exploit-db.com/download/1796/
title: PHP-Fusion <= 6.00.306 srch_where SQL Injection Exploit