CVE-2013-7375

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-7375
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://osvdb.org/show/osvdb/90359
http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html
http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html
http://seclists.org/bugtraq/2013/Feb/80
http://seclists.org/fulldisclosure/2013/Feb/154
http://www.securityfocus.com/bid/58011
http://www.waraxe.us/advisory-97.html
https://vndh.net/note:php-fusion-70205-sql-injection
http://osvdb.org/show/osvdb/90359
http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html
http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html
http://seclists.org/bugtraq/2013/Feb/80
http://seclists.org/fulldisclosure/2013/Feb/154
http://www.securityfocus.com/bid/58011
http://www.waraxe.us/advisory-97.html
https://vndh.net/note:php-fusion-70205-sql-injection
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:php-fusion:php-fusion:7.02.01:*:*:*:*:*:*:*
cpe:2.3:a:php-fusion:php-fusion:7.02.02:*:*:*:*:*:*:*
cpe:2.3:a:php-fusion:php-fusion:7.02.03:*:*:*:*:*:*:*
cpe:2.3:a:php-fusion:php-fusion:7.02.04:*:*:*:*:*:*:*
cpe:2.3:a:php-fusion:php-fusion:7.02.05:*:*:*:*:*:*:*
History

21 Nov 2024, 02:00

Type Values Removed Values Added
References () http://osvdb.org/show/osvdb/90359 - () http://osvdb.org/show/osvdb/90359 -
References () http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html - () http://packetstormsecurity.com/files/120368/PHP-Fusion-CMS-7.02.05-SQL-Injection.html -
References () http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html - () http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html -
References () http://seclists.org/bugtraq/2013/Feb/80 - () http://seclists.org/bugtraq/2013/Feb/80 -
References () http://seclists.org/fulldisclosure/2013/Feb/154 - () http://seclists.org/fulldisclosure/2013/Feb/154 -
References () http://www.securityfocus.com/bid/58011 - () http://www.securityfocus.com/bid/58011 -
References () http://www.waraxe.us/advisory-97.html - () http://www.waraxe.us/advisory-97.html -
References () https://vndh.net/note:php-fusion-70205-sql-injection - () https://vndh.net/note:php-fusion-70205-sql-injection -
Information

Published : 2014-05-05 17:06

Updated : 2024-11-21 02:00

NVD link : CVE-2013-7375

Mitre link : CVE-2013-7375

CVE.ORG link : CVE-2013-7375

JSON object : View

Products Affected

php-fusion

  • php-fusion
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024