SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
Software | From | Fixed in |
---|---|---|
php_fusion / php_fusion | 6.00.109 | 6.00.109.x |