CVE-2005-3161

Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.

Published: Oct 6, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-3161
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
php_fusion / php_fusion	6.00.105	6.00.105.x
php_fusion / php_fusion	6.00.106	6.00.106.x
php_fusion / php_fusion	6.00.103	6.00.103.x
php_fusion / php_fusion	6.00.101	6.00.101.x
php_fusion / php_fusion	6.00.107	6.00.107.x
php_fusion / php_fusion	6.00.104	6.00.104.x
php_fusion / php_fusion	6.00.100	6.00.100.x
php_fusion / php_fusion	6.00.108	6.00.108.x
php_fusion / php_fusion	6.00.102	6.00.102.x
php_fusion / php_fusion	6.00.109	6.00.109.x

http://secunia.com/advisories/17055
http://secunia.com/secunia_research/2005-52/advisory/
http://securityreason.com/securityalert/54
http://www.osvdb.org/19866
http://www.osvdb.org/19867
http://www.php-fusion.co.uk/news.php?readmore=261
http://www.securityfocus.com/bid/15018
https://exchange.xforce.ibmcloud.com/vulnerabilities/22532

Vulnerability Database

289,697

CVE-2005-3161