Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-2437

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2004-2437
Last Modified 05 Sep 2008 04:44:08
Published 31 Dec 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-2437

Summary

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.

Vulnerable Systems

Application

  • Php Fusion 4.01


References

XF - phpfusion-sql-injection(17546)

BID - 11296

OSVDB - 10438

OSVDB - 10437

SECUNIA - 12686


Last Updated: 27 May 2016 10:39:28