Description
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
Remediation
References
Related Vulnerabilities
WordPress Plugin iThemes Security (formerly Better WP Security) Information Disclosure (5.1.1)
OpenSSL Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-1473)
Apache Tomcat Other Vulnerability (CVE-2006-7195)
Ruby Improper Input Validation Vulnerability (CVE-2008-3657)
Drupal Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-25277)