ID de Prueba:	1.3.6.1.4.1.25623.1.0.200010
Categoría:	Web application abuses
Título:	PHP-Fusion <= 6.00.206 Forum SQL Injection Vulnerability
Resumen:	A vulnerability is reported in the forum module of PHP-Fusion; 6.00.206 and some early released versions.
Descripción:	Summary: A vulnerability is reported in the forum module of PHP-Fusion 6.00.206 and some early released versions. Vulnerability Insight: The failure exists because the application does not properly sanitize user-supplied input in 'options.php' and 'viewforum.php' before using it in the SQL query, and magic_quotes_gpc is set to off. Vulnerability Impact: When the forum module is activated, a registered user can execute arbitrary SQL injection commands. Solution: Apply the patch from the php-fusion main site. CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-3740 BugTraq ID: 15502 http://www.securityfocus.com/bid/15502 Bugtraq: 20051118 PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0232.html Bugtraq: 20051119 Re: PHP-Fusion <= 6.00.206 Multiple Vulnerabilities (Google Search) http://seclists.org/lists/bugtraq/2005/Nov/0237.html http://myblog.it-security23.net/advisories/advisory-6.txt http://www.osvdb.org/20991 http://www.osvdb.org/20992 http://secunia.com/advisories/17664 http://www.vupen.com/english/advisories/2005/2504
Copyright	Copyright (C) 2008 Ferdy Riphagen

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.