PHP-Fusion Multiple Input Validation Vulnerabilities
PHP-Fusion is prone to multiple input-validation vulnerabilities including:
1. Multiple local file-include vulnerabilities
2. Multiple SQL-injection vulnerabilities
3. Multiple cross-site-scripting vulnerabilities
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, execute arbitrary local scripts, access or modify data, or exploit latent vulnerabilities in the underlying database.
PHP-Fusion 7.02.05 is vulnerable; other versions may also be affected.