CVE-2005-4517

Name of the Vulnerable Software and Affected Versions PHP-Fusion versions 6.00.200 through 6.00.300

Description The issue allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as "ratings include.php". This can lead to unauthorized access and manipulation of database content.

Recommendations For PHP-Fusion versions 6.00.200 through 6.00.300, update to a version that includes a fix for this issue to prevent SQL injection attacks. As a temporary workaround, consider restricting access to the ratings include.php script and avoiding the use of the ratings parameter until a patch is available.