CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:N/C:N/I:P/A:N
AI Score
Confidence
Low
EPSS
Percentile
83.8%
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
Vendor | Product | Version | CPE |
---|---|---|---|
php_fusion | php_fusion | * | cpe:2.3:a:php_fusion:php_fusion:*:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.105 | cpe:2.3:a:php_fusion:php_fusion:6.0.105:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.106 | cpe:2.3:a:php_fusion:php_fusion:6.0.106:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.107 | cpe:2.3:a:php_fusion:php_fusion:6.0.107:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.109 | cpe:2.3:a:php_fusion:php_fusion:6.0.109:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.110 | cpe:2.3:a:php_fusion:php_fusion:6.0.110:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.204 | cpe:2.3:a:php_fusion:php_fusion:6.0.204:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.206 | cpe:2.3:a:php_fusion:php_fusion:6.0.206:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.303 | cpe:2.3:a:php_fusion:php_fusion:6.0.303:*:*:*:*:*:*:* |
php_fusion | php_fusion | 6.0.304 | cpe:2.3:a:php_fusion:php_fusion:6.0.304:*:*:*:*:*:*:* |