Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Php-fusion
  • Php-fusion

Configuration 1 [-]

cpe:2.3:a:php-fusion:php-fusion:7.02.07:*:*:*:*:*:*:*
References
Link Resource
http://osvdb.org/show/osvdb/112419
http://packetstormsecurity.com/files/129053/PHP-Fusion-7.02.07-SQL-Injection.html Exploit
http://packetstormsecurity.com/files/133869/PHP-Fusion-7.02.07-Blind-SQL-Injection.html
http://seclists.org/fulldisclosure/2015/Oct/23
http://www.exploit-db.com/exploits/35206 Exploit
http://www.securityfocus.com/bid/71053
https://exchange.xforce.ibmcloud.com/vulnerabilities/98583
https://www.xlabs.com.br/blog/?p=282 Exploit
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-17T16:00:00

Updated: 2017-10-02T18:57:01

Reserved: 2014-11-04T00:00:00

Link: CVE-2014-8596

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2014-11-17T16:59:06.370

Modified: 2017-10-03T01:29:00.450

Link: CVE-2014-8596

JSON object: View

cve-icon Redhat Information

No data.

CWE