Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: PHP-Fusion waraxe-2013-SA#097
From: Henri Salo <henri () nerv fi>
Date: Sun, 3 Mar 2013 02:02:20 +0200

Hello list,

Can I get CVEs for vulnerabilities fixed in PHP-Fusion version 7.02.06, thanks.

http://www.waraxe.us/advisory-97.html waraxe-2013-SA#097

OSVDB ID    title
90714     PHP-Fusion /downloads.php orderby Parameter SQL Injection
90713     PHP-Fusion /forum/postedit.php delete_attach_* Parameter SQL Injection 
90712     PHP-Fusion /forum/postnewthread.php poll_opts Parameter SQL Injection 
90711     PHP-Fusion /administration/settings_messages.php Multiple Parameter SQL Injection 
90710     PHP-Fusion /administration/settings_photo.php Multiple Parameter SQL Injection 
90709     PHP-Fusion /administration/bbcodes.php enable Parameter SQL Injection 
90708     PHP-Fusion /forum/viewthread.php highlight Parameter XSS 
90707     PHP-Fusion /messages.php Multiple Parameter XSS 
90706     PHP-Fusion /infusions/shoutbox_panel/shoutbox_admin.php message Parameter XSS 
90705     PHP-Fusion /administration/news.php message Parameter XSS 
90704     PHP-Fusion /administration/panel_editor.php panel_list Parameter XSS 
90703     PHP-Fusion /administration/phpinfo.php User-Agent HTTP Header XSS
90702     PHP-Fusion /administration/bbcodes.php __BBCODE__ Parameter XSS 
90701     PHP-Fusion /administration/article_cats.php Multiple Parameter XSS 
90700     PHP-Fusion /administration/download_cats.php Multiple Parameter XSS 
90699     PHP-Fusion /administration/news_cats.php Multiple Parameter XSS 
90698     PHP-Fusion /administration/weblink_cats.php Multiple Parameter XSS 
90697     PHP-Fusion /administration/articles.php Multiple Parameter XSS 
90696     PHP-Fusion /administration/db_backup.php file Parameter Traversal Arbitrary File Deletion 
90695     PHP-Fusion /administration/news.php Multiple Parameter SQL Injection 
90694     PHP-Fusion /maincore.php user_theme Parameter Traversal Local File Inclusion
90693     PHP-Fusion /administration/articles.php article_id Parameter SQL Injection 
90692     PHP-Fusion /administration/user_fields.php enable Parameter Traversal Local File Inclusion
90691     PHP-Fusion /administration/db_backup.php Database Backup Direct Request Information Disclosure
90359     PHP-Fusion includes/classes/Authenticate.class.php Multiple Cookie SQL Injection

--
Henri Salo

Attachment: signature.asc
Description: Digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]