Description

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.

Remediation

References

CVE-2014-8596

Related Vulnerabilities

WordPress Plugin WPE Indoshipping Multiple Remote File Inclusion Vulnerabilities (2.5.0)

WordPress Plugin U BuddyPress Forum Attachment 'fileurl' Parameter Remote File Disclosure (1.1.1)

PHP Address Book Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2013-0135)

PHP Out-of-bounds Read Vulnerability (CVE-2019-11036)

WordPress Plugin WordPress Firewall 2 Multiple Vulnerabilities (1.3)

Severity

High

Classification

CVE-2014-8596

Tags

Missing Update Known Vulnerabilities