Vulnerability Details CVE-2005-3161
Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/17055
- http://secunia.com/secunia_research/2005-52/advisory/
- http://securityreason.com/securityalert/54
- http://www.osvdb.org/19866
- http://www.osvdb.org/19867
- http://www.php-fusion.co.uk/news.php?readmore=261
- http://www.securityfocus.com/bid/15018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22532
- http://secunia.com/advisories/17055
- http://secunia.com/secunia_research/2005-52/advisory/
- http://securityreason.com/securityalert/54
- http://www.osvdb.org/19866
- http://www.osvdb.org/19867
- http://www.php-fusion.co.uk/news.php?readmore=261
- http://www.securityfocus.com/bid/15018
- https://exchange.xforce.ibmcloud.com/vulnerabilities/22532
Products affected by CVE-2005-3161
-
cpe:2.3:a:php_fusion:php_fusion:6.00.100
-
cpe:2.3:a:php_fusion:php_fusion:6.00.101
-
cpe:2.3:a:php_fusion:php_fusion:6.00.102
-
cpe:2.3:a:php_fusion:php_fusion:6.00.103
-
cpe:2.3:a:php_fusion:php_fusion:6.00.104
-
cpe:2.3:a:php_fusion:php_fusion:6.00.105
-
cpe:2.3:a:php_fusion:php_fusion:6.00.106
-
cpe:2.3:a:php_fusion:php_fusion:6.00.107
-
cpe:2.3:a:php_fusion:php_fusion:6.00.108
-
cpe:2.3:a:php_fusion:php_fusion:6.00.109