Falk

**Name of the Vulnerable Software and Affected Versions** PHP-Fusion versions 6.01.4 and earlier **Description** The issue allows remote attackers to conduct SQL injection attacks. This is due to a global variable overwrite vulnerability in maincore.php, which uses the extract function on superglobals. The vulnerability can be exploited via the ` SERVER[REMOTE ADDR]` parameter to news.php. **Recommendations** For PHP-Fusion versions 6.01.4 and earlier, consider restricting access to the news.php endpoint until a fix is available. As a temporary workaround, avoid using the ` SERVER[REMOTE ADDR]` parameter in the affected API endpoint.