CVE-2005-4005

EPSS 1.3%

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.

Affected products

n/a · n/a

public PoCs found — 1

exploitdbwww.exploit-db.com/exploits/26706unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://secunia.com/advisories/17871 http://securityreason.com/securityalert/31 http://www.osvdb.org/21415 http://www.securityfocus.com/archive/1/418512 http://www.securityfocus.com/bid/15698 http://www.vupen.com/english/advisories/2005/2730