PT-2008-6459 · Php Fusion · Php-Fusion
Irk4Z
·
Published
2008-12-05
·
Updated
2017-09-29
·
CVE-2008-5335
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic quotes gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php-Fusion