Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-2459

Overview

Vulnerability Score 6.4 6.4
CVE Id CVE-2006-2459
Last Modified 07 Mar 2011 09:36:14
Published 19 May 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2459

Summary

SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.

Vulnerable Systems

Application

  • Php Fusion 6.00.306

  • Php Fusion 6.00.307


References

VUPEN - ADV-2006-1839

BUGTRAQ - 20060516 PHP-Fusion <= 6.00.306 "srch_where" SQL injection / admin credentials disclosure

SECUNIA - 20129

MISC - http://retrogod.altervista.org/phpfusion_600306_sql.html

XF - phpfusion-srchwhere-sql-injection(26491)

BID - 18009

OSVDB - 25542

SECTRACK - 1016111

SREASON - 922


Last Updated: 27 May 2016 10:42:28