CVE-2006-4673

PHP-Fusion <6.01.4 - SQL Injection

Description

A global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier, which calls the extract function on the superglobals, allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.

Exploits (1)

exploitdb · WORKING POC · VERIFIED
by rgod · php · webapps · php
https://www.exploit-db.com/exploits/28496

Scores

EPSS 0.0060
EPSS Percentile 69.5%

Details

Status published
Products (12)
php_fusion/php_fusion 6.0.105
php_fusion/php_fusion 6.0.106
php_fusion/php_fusion 6.0.107
php_fusion/php_fusion 6.0.109
php_fusion/php_fusion 6.0.110
php_fusion/php_fusion 6.0.204
php_fusion/php_fusion 6.0.206
php_fusion/php_fusion 6.0.303
php_fusion/php_fusion 6.0.304
php_fusion/php_fusion 6.0.306
... and 2 more
Published Sep 11, 2006
Tracked Since Feb 18, 2026