Detections
Analytics

PHP-Fusion <= 6.00.106 Multiple Vulnerabilities

medium Nessus Plugin ID 19311

Language:

Synopsis

The remote web server hosts an application that is affected by multiple vulnerabilities.

Description

According to its banner, the remote host is running a version of PHP-Fusion that suffers from multiple vulnerabilities :

 - SQL Injection Vulnerability The application fails to sanitize user-supplied input to the 'msg_view' parameter of the 'messages.php' script before using it in database queries. Exploitation requires that an attacker first authenticate and that PHP's 'magic_quotes_gpc' be disabled.

 - HTML Injection Vulnerability An attacker can inject malicious CSS (Cascading Style Sheets) codes through [color] tags, thereby affecting how the site is rendered whenever users view specially crafted posts.

Solution

Upgrade to PHP-Fusion 6.00.107 or later or apply the patches in the vendor's advisories referenced above.

See Also

https://www.php-fusion.co.uk/infusions/news/news.php?readmore=244

https://www.php-fusion.co.uk/infusions/news/news.php?readmore=247

Plugin Details

Severity: Medium

ID: 19311

File Name: php_fusion_bbcode_color_xss.nasl

Version: 1.25

Type: remote

Family: CGI abuses

Published: 7/29/2005

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6

Temporal Score: 4.7

Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Required KB Items: www/PHP, www/php_fusion

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Patch Publication Date: 8/15/2005

Vulnerability Publication Date: 7/20/2005

Reference Information

CVE: CVE-2005-2401, CVE-2005-3159

BID: 14332, 14489

CWE: 20, 442, 629, 711, 712, 722, 725, 74, 750, 751, 79, 800, 801, 809, 811, 864, 900, 928, 931, 990