Vulnerabilities > CVE-2006-4673 - SQL Injection vulnerability in PHP-Fusion News.PHP
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
NONE Integrity impact
PARTIAL Availability impact
NONE Summary
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled. This vulnerability is addressed in the following product release: PHP-Fusion, PHP_Fusion, 6.01.5
Vulnerable Configurations
Exploit-Db
description | PHP-Fusion 6.0.x News.PHP SQL Injection Vulnerability. CVE-2006-4673. Webapps exploit for php platform |
id | EDB-ID:28496 |
last seen | 2016-02-03 |
modified | 2006-09-07 |
published | 2006-09-07 |
reporter | rgod |
source | https://www.exploit-db.com/download/28496/ |
title | PHP-Fusion 6.0.x News.PHP SQL Injection Vulnerability |
Nessus
NASL family | CGI abuses |
NASL id | PHP_FUSION_EXTRACT_SQL_INJECTIONS.NASL |
description | The version of PHP-Fusion on the remote host supports registering variables from user-supplied input in the event that PHP |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22316 |
published | 2006-09-08 |
reporter | This script is Copyright (C) 2006-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22316 |
title | PHP-Fusion extract() Global Variable Overwriting |
code |
|
References
- http://marc.info/?l=bugtraq&m=115765187519458&w=2
- http://retrogod.altervista.org/phpfusion_6-01-4_xpl.html
- http://secunia.com/advisories/21830
- http://www.php-fusion.co.uk/news.php?readmore=353
- http://www.securityfocus.com/bid/19908
- http://www.vupen.com/english/advisories/2006/3523
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28818