MidnightBSD

Advisories for php_fusion

CVE-2004-1723 MEDIUM

The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 4.00
CVE-2004-1724 HIGH

The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 4.0
CVE-2004-2437 HIGH

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 4.01
CVE-2004-2438 MEDIUM

Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 4.01
CVE-2005-0345 MEDIUM

viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 4.0
CVE-2005-0692 MEDIUM

Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 5.0
CVE-2005-0829 MEDIUM

Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 5.01
CVE-2005-2074 MEDIUM

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.0.105
CVE-2005-2075 MEDIUM

PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 5.0
php_fusion php_fusion 6.0
CVE-2005-2401 MEDIUM

PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 5.01_service_pack
php_fusion php_fusion 4.00
php_fusion php_fusion 5.0
php_fusion php_fusion 4.01
php_fusion php_fusion 6.0.106
php_fusion php_fusion 6.0.105
CVE-2005-2783 MEDIUM

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 5.01_service_pack
php_fusion php_fusion 4.00
php_fusion php_fusion 5.0
php_fusion php_fusion 4.01
php_fusion php_fusion 6.0.107
php_fusion php_fusion 6.0.106
php_fusion php_fusion 6.0.105
CVE-2005-3157 HIGH

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.109
CVE-2005-3158 HIGH

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.107
CVE-2005-3160 HIGH

Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.103
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.100
php_fusion php_fusion 6.00.104
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.101
php_fusion php_fusion 6.00.102
php_fusion php_fusion 6.00.108
CVE-2005-3161 HIGH

Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.103
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.100
php_fusion php_fusion 6.00.104
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.101
php_fusion php_fusion 6.00.102
php_fusion php_fusion 6.00.108
CVE-2005-3740 HIGH

Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion *
CVE-2005-4005 HIGH

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.109
CVE-2005-4516 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.300
php_fusion php_fusion 6.00.200
php_fusion php_fusion 6.00.205
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.207
php_fusion php_fusion 6.00.204
CVE-2005-4517 HIGH

SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.300
php_fusion php_fusion 6.00.200
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.207
CVE-2005-4655 MEDIUM

Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>".

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.204
CVE-2006-0593 MEDIUM

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.103
php_fusion php_fusion 6.00.300
php_fusion php_fusion 6.00.200
php_fusion php_fusion 6.00.205
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.207
php_fusion php_fusion 6.00.110
php_fusion php_fusion 6.00.101
php_fusion php_fusion 6.00.108
php_fusion php_fusion 6.00.204
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.100
php_fusion php_fusion 6.00.104
php_fusion php_fusion 6.00.303
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.102
CVE-2006-2330 MEDIUM

PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.3
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.204
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.303
php_fusion php_fusion 6.00.110
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.306
php_fusion php_fusion 6.00.304
CVE-2006-2331 MEDIUM

Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.3
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.204
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.303
php_fusion php_fusion 6.00.110
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.306
php_fusion php_fusion 6.00.304
CVE-2006-2459 MEDIUM

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.307
php_fusion php_fusion 6.00.306
CVE-2006-3555 MEDIUM

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
php_fusion php_fusion 6.00.300
php_fusion php_fusion 6.00.307
php_fusion php_fusion 6.00.206
php_fusion php_fusion 6.00.106
php_fusion php_fusion 6.00.207
php_fusion php_fusion 6.00.110
php_fusion php_fusion 6.0.105
php_fusion php_fusion 6.00.101
php_fusion php_fusion 6.00.306
php_fusion php_fusion 6.01.2
php_fusion php_fusion 6.00.3
php_fusion php_fusion 6.0.107
php_fusion php_fusion 6.00.303
php_fusion php_fusion 6.00.107
php_fusion php_fusion 6.00.304
php_fusion php_fusion 6.00.103
php_fusion php_fusion 6.00.200
php_fusion php_fusion 6.00.205
php_fusion php_fusion 6.00.105
php_fusion php_fusion 6.00.108
php_fusion php_fusion 6.00.204
php_fusion php_fusion 6.00.109
php_fusion php_fusion 6.00.100
php_fusion php_fusion 6.0.106
php_fusion php_fusion 6.00.104
php_fusion php_fusion 6.00.102