Description
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
Exploits (1)
References (6)
Core 6
Core References
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15698
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/31
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21415
Vendor Advisory mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/418512
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/17871
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2730
Scores
EPSS
0.0206
EPSS Percentile
84.1%
Details
Status
published
Products (1)
php_fusion/php_fusion
6.00.109
Published
Dec 05, 2005
Tracked Since
Feb 18, 2026