Description
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Shortcodes-Shortcodes Ultimate Remote Code Execution (5.0.0)
Oracle Application Server CVE-2006-3711 Vulnerability (CVE-2006-3711)
GlassFish Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-3250)
Oracle Database Server CVE-2016-0499 Vulnerability (CVE-2016-0499)