CVE-2020-12461 - OpenCVE

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Php-fusion	Php-fusion

Configuration 1 [-]

cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822	Patch Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2	Patch Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d	Patch Third Party Advisory
https://github.com/php-fusion/PHP-Fusion/issues/2308	Exploit Third Party Advisory
https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA	Exploit Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-04-29T16:14:26

Updated: 2020-04-29T16:14:26

Reserved: 2020-04-29T00:00:00

Link: CVE-2020-12461

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-04-29T17:15:12.113

Modified: 2020-05-05T15:28:43.940

Link: CVE-2020-12461

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-29T16:14:26", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/php-fusion/PHP-Fusion/issues/2308"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-12461", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA", "refsource": "MISC", "url": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA"}, {"name": "https://github.com/php-fusion/PHP-Fusion/issues/2308", "refsource": "MISC", "url": "https://github.com/php-fusion/PHP-Fusion/issues/2308"}, {"name": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2", "refsource": "MISC", "url": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2"}, {"name": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d", "refsource": "MISC", "url": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d"}, {"name": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822", "refsource": "MISC", "url": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-12461", "datePublished": "2020-04-29T16:14:26", "dateReserved": "2020-04-29T00:00:00", "dateUpdated": "2020-04-29T16:14:26", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:php-fusion:php-fusion:9.03.50:*:*:*:*:*:*:*", "matchCriteriaId": "0AB488D1-637D-4E18-A136-036994F7035F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query."}, {"lang": "es", "value": "PHP-Fusion versi\u00f3n 9.03.50, permite una inyecci\u00f3n SQL porque el archivo maincore.php posee un mecanismo de protecci\u00f3n insuficiente. Un atacante puede desarrollar una carga \u00fatil especialmente dise\u00f1ada que se puede insertar en el par\u00e1metro GET sort_order en la p\u00e1gina de b\u00fasqueda de miembros members.php. Este par\u00e1metro permite el control sobre cualquier cosa despu\u00e9s de la cl\u00e1usula ORDER BY en la consulta SQL."}], "id": "CVE-2020-12461", "lastModified": "2020-05-05T15:28:43.940", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-29T17:15:12.113", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/79fe5ec1d5c75e017a6f42127741b9543658f822"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/858e43d7b0ea1897f76d5bcb3a1aed438132c0e2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/php-fusion/PHP-Fusion/commit/d95cd4a2d22487723266c898b98e6be10754e03d"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/php-fusion/PHP-Fusion/issues/2308"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://hackmd.io/lq7nA3ISSoeiGjiHVn5CoA"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}