PT-2011-1968 · Fusebox · Fusebox
Shamus
·
Publicado
2011-11-02
·
Atualizado
2017-08-29
·
CVE-2010-5033
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Fusebox version 5.5.1
Description
A SQL injection issue allows remote attackers to execute arbitrary SQL commands. The issue is related to the
CatDisplay parameter in the ProductList.cfm file.Recommendations
For Fusebox version 5.5.1, consider restricting access to the ProductList.cfm file or validating and sanitizing the
CatDisplay parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the CatDisplay parameter in the ProductList.cfm file until a patch is available.Exploit
Correção
SQL injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Fusebox