PHP-Fusion Two SQL Injection Vulnerabilities

Advisory Text :

======================================================================

Secunia Research 06/10/2005

- PHP-Fusion Two SQL Injection Vulnerabilities -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerabilities.......................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
About Secunia........................................................8
Verification.........................................................9

======================================================================
1) Affected Software

PHP-Fusion 6.00.109

Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: Manipulation of data
Where: Remote

======================================================================
3) Vendor's Description of Software

A light-weight open-source content management system (CMS) written
in PHP.

Product link:
http://www.php-fusion.co.uk/

======================================================================
4) Description of Vulnerabilities

Secunia Research has discovered two vulnerabilities in PHP-Fusion,
which can be exploited by malicious people to conduct SQL injection
attacks.

Input passed to the "activate" parameter in "register.php" and the
"cat_id" parameter in "faq.php" isn't properly sanitised before being
used in a SQL query. This can be exploited to manipulate SQL queries
by injecting arbitrary SQL code.

Successful exploitation requires that "magic_quotes_gpc" is disabled.

The vulnerabilities have been confirmed in version 6.00.109. Other
versions may also be affected.

======================================================================
5) Solution

Update to version 6.00.110.
http://www.php-fusion.co.uk/downloads.php?cat_id=3

======================================================================
6) Time Table

04/10/2005 - Vulnerabilities discovered.
05/10/2005 - Vendor notified.
05/10/2005 - Vendor confirms vulnerabilities.
06/10/2005 - Public disclosure.

======================================================================
7) Credits

Discovered by Andreas Sandblad, Secunia Research.

======================================================================
8) About Secunia

Secunia collects, validates, assesses, and writes advisories regarding
all the latest software vulnerabilities disclosed to the public. These
advisories are gathered in a publicly available database at the
Secunia website:

http://secunia.com/

Secunia offers services to our customers enabling them to receive all
relevant vulnerability information to their specific system
configuration.

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/secunia_security_advisories/

======================================================================
9) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2005-52/advisory/

======================================================================

Security

IT News

Search

SecurityAlert Database

About SecurityAlert

ExploitAlert Database

SecurityReason Research

WLB Database

Send to WLB

About WLB

Security Audit

Schedule

Prices of services

Contact

SecurityReason IT News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

Contact

About SecurityReason

PHP-Fusion Two SQL Injection Vulnerabilities