CVE-2013-1803

PHP-Fusion 7.02.05 - Multiple Vulnerabilities

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375.

Múltiples vulnerabilidades de inyección SQL en PHP-Fusion anterior a versión 7.02.06, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) parámetro orderby en el archivo downloads.php; o usuarios autenticados remotamente con ciertos permisos para ejecutar comandos SQL arbitrarios por medio de un (2) parámetro name que comienza con "delete_attach_" en una acción edit en el archivo forum/postedit.php; el (3) parámetro poll_opts[] en una acción newthread en el archivo forum/postnewthread.php; el parámetro (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, o (8) pm_savebox en el archivo administration/settings_messages.php; el parámetro (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, o (12) photo_watermark_text_color3 en el archivo administration/settings_photo.php; el (13) parámetro enable en el archivo administration/bbcodes.php; el parámetro (14) news_image, (15) news_image_t1, o (16) news_image_t2 en el archivo administration/news.php; el (17) parámetro news_id en una acción edit en el archivo administration/news.php; o el (18) parámetro article_id en una acción edit en el archivo administration/articles.php. NOTA: el problema de la cookie del ID de usuario en el archivo Authenticate.class.php ya está cubierto por el CVE-2013-7375.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-03-01 First Exploit
2014-05-05 CVE Published
2024-01-30 EPSS Updated
2024-08-06 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (16)

URL	Tag	Source
http://osvdb.org/90693	Vdb Entry
http://osvdb.org/90695	Vdb Entry
http://osvdb.org/90709	Vdb Entry
http://osvdb.org/90710	Vdb Entry
http://osvdb.org/90711	Vdb Entry
http://osvdb.org/90712	Vdb Entry
http://osvdb.org/90713	Vdb Entry
http://osvdb.org/show/osvdb/90714	Vdb Entry
http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html	X_refsource_misc
http://seclists.org/fulldisclosure/2013/Feb/154	Mailing List
http://www.openwall.com/lists/oss-security/2013/03/03/1	Mailing List
http://www.openwall.com/lists/oss-security/2013/03/03/2	Mailing List
http://www.waraxe.us/advisory-97.html	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/24562	2013-03-01

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/52403	2014-05-10
http://www.php-fusion.co.uk/news.php?readmore=569	2014-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				<= 7.02.05 Search vendor "Php-fusion" for product "Php-fusion" and version " <= 7.02.05"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.01 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.01"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.02 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.02"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.03 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.03"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.04 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.04"		-		Affected