[<prev] [next>] [day] [month] [year] [list]
Message-ID: <CHILKAT-MID-f17803d4-8aec-428e-8155-8926f79174ba@George_NewPC.Redsoft-2000.com>
Date: Thu, 06 Oct 2005 12:54:33 -0400
From: vuln@...unia.com
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Secunia Research: PHP-Fusion Two SQL Injection
Vulnerabilities
======================================================================
Secunia Research 06/10/2005
- PHP-Fusion Two SQL Injection Vulnerabilities -
======================================================================
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerabilities.......................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9
======================================================================
1) Affected Software
PHP-Fusion 6.00.109
Other versions may also be affected.
======================================================================
2) Severity
Rating: Moderately critical
Impact: Manipulation of data
Where: Remote
======================================================================
3) Vendor's Description of Software
A light-weight open-source content management system (CMS) written
in PHP.
Product link:
http://www.php-fusion.co.uk/
======================================================================
4) Description of Vulnerabilities
Secunia Research has discovered two vulnerabilities in PHP-Fusion,
which can be exploited by malicious people to conduct SQL injection
attacks.
Input passed to the "activate" parameter in "register.php" and the
"cat_id" parameter in "faq.php" isn't properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerabilities have been confirmed in version 6.00.109. Other
versions may also be affected.
======================================================================
5) Solution
Update to version 6.00.110.
http://www.php-fusion.co.uk/downloads.php?cat_id=3
======================================================================
6) Time Table
04/10/2005 - Vulnerabilities discovered.
05/10/2005 - Vendor notified.
05/10/2005 - Vendor confirms vulnerabilities.
06/10/2005 - Public disclosure.
======================================================================
7) Credits
Discovered by Andreas Sandblad, Secunia Research.
======================================================================
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
======================================================================
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-52/advisory/
======================================================================
View attachment "GWAVADAT.TXT" of type "text/plain" (39 bytes)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists