PHP-Fusion Multiple Input Validation Vulnerabilities

PHP-Fusion is prone to multiple input-validation vulnerabilities including:

1. Multiple local file-include vulnerabilities
2. Multiple SQL-injection vulnerabilities
3. Multiple cross-site-scripting vulnerabilities

Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, obtain sensitive information, execute arbitrary local scripts, access or modify data, or exploit latent vulnerabilities in the underlying database.

PHP-Fusion 7.02.05 is vulnerable; other versions may also be affected.


Privacy Statement
Copyright 2010, SecurityFocus