Description
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Remediation
References
Related Vulnerabilities
WordPress 5.8.x Multiple Vulnerabilities (5.8 - 5.8.4)
Grafana Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-19039)
SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17301)
WordPress Plugin Subscribe to Comments Multiple Cross-Site Scripting Vulnerabilities (2.0.4)