PHP-Fusion 6.00.109 SQL injection

Description

1. Input passed to the "activate" parameter in "register.php" and the "cat_id" parameter in "faq.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

2. Input passed to the "srch_text" parameter in "messages.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Confirmed in version 6.00.109. Other versions may also be affected.

Remediation

Update to version 6.00.110 or higher.

References