CVE-2005-4005

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 6.00.109

Description The issue allows remote attackers to obtain path information and possibly execute arbitrary SQL commands. This is achieved via the srch text parameter in a Search and Sort option to "messages.php" API endpoint.

Recommendations For PHP-Fusion version 6.00.109, consider restricting access to the srch text parameter in the "messages.php" endpoint until a patch is available. As a temporary workaround, avoid using the srch text parameter in the affected API endpoint until the issue is resolved.