6.0.206

DATE	CVE	VULNERABILITY TITLE	RISK
2006-09-11	CVE-2006-4673	SQL Injection vulnerability in PHP-Fusion News.PHP Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. network high complexity php-fusion	2.6

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.