Subject: Secunia Research: PHP-Fusion Two SQL Injection Vulnerabilities
From: Secunia Research <vuln@secunia.com.>
Reply-To: [email protected]
To: [email protected]
Cc: [email protected]
Content-Type: text/plain
Organization: Secunia
Date: Thu, 06 Oct 2005 11:55:09 +0200
Message-Id: <1128592509.19367.127.camel@ts2.intnet.>
Mime-Version: 1.0
X-Mailer: Evolution 2.0.2 (2.0.2-16.3)
Content-Transfer-Encoding: 7bit
X-Virus-Scanned: antivirus-gw at tyumen.ru
Secunia Research 06/10/2005
- PHP-Fusion Two SQL Injection Vulnerabilities -
Table of Contents
Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerabilities.......................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9
1) Affected Software
PHP-Fusion 6.00.109
Other versions may also be affected.
2) Severity
Rating: Moderately critical
Impact: Manipulation of data
Where: Remote
3) Vendor's Description of Software
A light-weight open-source content management system (CMS) written
in PHP.
Product link:
http://www.php-fusion.co.uk/
4) Description of Vulnerabilities
Secunia Research has discovered two vulnerabilities in PHP-Fusion,
which can be exploited by malicious people to conduct SQL injection
attacks.
Input passed to the "activate" parameter in "register.php" and the
"cat_id" parameter in "faq.php" isn't properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.
Successful exploitation requires that "magic_quotes_gpc" is disabled.
The vulnerabilities have been confirmed in version 6.00.109. Other
versions may also be affected.
5) Solution
Update to version 6.00.110.
http://www.php-fusion.co.uk/downloads.php?cat_id=3
6) Time Table
04/10/2005 - Vulnerabilities discovered.
05/10/2005 - Vendor notified.
05/10/2005 - Vendor confirms vulnerabilities.
06/10/2005 - Public disclosure.
7) Credits
Discovered by Andreas Sandblad, Secunia Research.
8) About Secunia
Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:
http://secunia.com/
Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.
Secunia offers a FREE mailing list called Secunia Security Advisories:
http://secunia.com/secunia_security_advisories/
9) Verification
Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-52/advisory/
