Description
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Remediation
References
Related Vulnerabilities
Moodle Other Vulnerability (CVE-2004-2236)
WebLogic Deserialization of Untrusted Data Vulnerability (CVE-2019-17571)
YetiForce CRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2022-1411)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-0059)