INFORMATION

Name : CVE-2008-5335 First Publication : 2008-12-04
Severity : Medium Last Modification : 2008-12-05

SCORING CVSS v2

Cvss Base Score : 6.8 Attack Range : Network
Cvss Impact Score : 6.4 Attack Complexity : Medium
Cvss Expoit Score : 8.6 Authentification : None Required

DETAIL

SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.


MORE INFORMATIONS

If you login, you will see more informations about this alert including :

9 Secondary sources

Your browser must accept cookie for login.

Login : Password: Captcha :
Remember me ?
if you can not read it, please refresh the page

If you don't have a login, register for FREE.