Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Php-fusion
  • Php-fusion

Configuration 1 [-]

cpe:2.3:a:php-fusion:php-fusion:7.02.07:*:*:*:*:*:*:*

No data.

References
Link Providers
http://osvdb.org/show/osvdb/112419 cve-icon cve-icon
http://packetstormsecurity.com/files/129053/PHP-Fusion-7.02.07-SQL-Injection.html cve-icon cve-icon
http://packetstormsecurity.com/files/133869/PHP-Fusion-7.02.07-Blind-SQL-Injection.html cve-icon cve-icon
http://seclists.org/fulldisclosure/2015/Oct/23 cve-icon cve-icon
http://www.exploit-db.com/exploits/35206 cve-icon cve-icon
http://www.securityfocus.com/bid/71053 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/98583 cve-icon cve-icon
https://www.xlabs.com.br/blog/?p=282 cve-icon cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-17T16:00:00

Updated: 2024-08-06T13:26:00.832Z

Reserved: 2014-11-04T00:00:00

Link: CVE-2014-8596

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-11-17T16:59:06.370

Modified: 2017-10-03T01:29:00.450

Link: CVE-2014-8596

cve-icon Redhat

No data.