Back to search
CVE-2008-1918
Published: Apr 22, 2008
Modified: Aug 7, 2024
PUBLISHED
Description
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
33295
third-party-advisory
x_refsource_SECUNIA
http://www.php-fusion.co.uk/news.php
x_refsource_CONFIRM
phpfusion-submit-sql-injection(41914)
vdb-entry
x_refsource_XF
5470
exploit
x_refsource_EXPLOIT-DB
ADV-2008-1318
vdb-entry
x_refsource_VUPEN
7576
exploit
x_refsource_EXPLOIT-DB
29930
third-party-advisory
x_refsource_SECUNIA
28855
vdb-entry
x_refsource_BID
51052
vdb-entry
x_refsource_OSVDB
phpfusion-submitinfo-sql-injection(47610)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now