PHP-Fusion Authenticate.class.php Multiple Cookie SQL Injection

high Nessus Plugin ID 65615

Synopsis

The remote web server hosts a PHP script that is affected by a SQL injection vulnerability.

Description

The version of PHP-Fusion installed on the remote host is affected by a SQL injection vulnerability because it fails to properly sanitize user input supplied in the 'user' and 'admin' cookies. An unauthenticated, remote attacker could leverage this issue to launch a SQL injection attack against the affected application, leading to authentication bypass, discovery of sensitive data, and attacks against the underlying database.

Note that successful exploitation requires that PHP's 'magic_quotes_gpc' be disabled.

Note also that this version is reportedly affected by additional SQL injection, multiple cross-site scripting, and multiple local file inclusion vulnerabilities, as well as an information disclosure issue and an arbitrary file deletion issue, but Nessus did not test for these issues.

Solution

Upgrade to version 7.02.06 or later.

See Also

http://www.waraxe.us/advisory-97.html

https://www.php-fusion.co.uk/infusions/news/news.php?readmore=569

Plugin Details

Severity: High

ID: 65615

File Name: php_fusion_cookie_sql_injection.nasl

Version: 1.11

Type: remote

Family: CGI abuses

Published: 3/19/2013

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2013-7375

Vulnerability Information

CPE: cpe:/a:php_fusion:php_fusion

Required KB Items: www/PHP, www/php_fusion

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Available: true

Exploit Ease: No exploit is required

Exploited by Nessus: true

Patch Publication Date: 1/27/2013

Vulnerability Publication Date: 2/16/2013

Reference Information

CVE: CVE-2013-7375

BID: 58011