CVE-2013-1803

PHP-Fusion 7.02.05 - Multiple Vulnerabilities

Severity Score

8.8

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) parameter name starting with "delete_attach_" in an edit action to forum/postedit.php; the (3) poll_opts[] parameter in a newthread action to forum/postnewthread.php; the (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, or (8) pm_savebox parameter to administration/settings_messages.php; the (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, or (12) photo_watermark_text_color3 parameter to administration/settings_photo.php; the (13) enable parameter to administration/bbcodes.php; the (14) news_image, (15) news_image_t1, or (16) news_image_t2 parameter to administration/news.php; the (17) news_id parameter in an edit action to administration/news.php; or the (18) article_id parameter in an edit action to administration/articles.php. NOTE: the user ID cookie issue in Authenticate.class.php is already covered by CVE-2013-7375.

Múltiples vulnerabilidades de inyección SQL en PHP-Fusion anterior a versión 7.02.06, permiten a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) parámetro orderby en el archivo downloads.php; o usuarios autenticados remotamente con ciertos permisos para ejecutar comandos SQL arbitrarios por medio de un (2) parámetro name que comienza con "delete_attach_" en una acción edit en el archivo forum/postedit.php; el (3) parámetro poll_opts[] en una acción newthread en el archivo forum/postnewthread.php; el parámetro (4) pm_email_notify, (5) pm_save_sent, (6) pm_inbox, (7) pm_sentbox, o (8) pm_savebox en el archivo administration/settings_messages.php; el parámetro (9) thumb_compression, (10) photo_watermark_text_color1, (11) photo_watermark_text_color2, o (12) photo_watermark_text_color3 en el archivo administration/settings_photo.php; el (13) parámetro enable en el archivo administration/bbcodes.php; el parámetro (14) news_image, (15) news_image_t1, o (16) news_image_t2 en el archivo administration/news.php; el (17) parámetro news_id en una acción edit en el archivo administration/news.php; o el (18) parámetro article_id en una acción edit en el archivo administration/articles.php. NOTA: el problema de la cookie del ID de usuario en el archivo Authenticate.class.php ya está cubierto por el CVE-2013-7375.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-03-01 First Exploit
2014-05-05 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (16)

URL	Tag	Source
http://osvdb.org/90693	Vdb Entry
http://osvdb.org/90695	Vdb Entry
http://osvdb.org/90709	Vdb Entry
http://osvdb.org/90710	Vdb Entry
http://osvdb.org/90711	Vdb Entry
http://osvdb.org/90712	Vdb Entry
http://osvdb.org/90713	Vdb Entry
http://osvdb.org/show/osvdb/90714	Vdb Entry
http://packetstormsecurity.com/files/120598/PHP-Fusion-7.02.05-XSS-LFI-SQL-Injection.html	X_refsource_misc
http://seclists.org/fulldisclosure/2013/Feb/154	Mailing List
http://www.openwall.com/lists/oss-security/2013/03/03/1	Mailing List
http://www.openwall.com/lists/oss-security/2013/03/03/2	Mailing List
http://www.waraxe.us/advisory-97.html	X_refsource_misc

URL	Date	SRC
https://www.exploit-db.com/exploits/24562	2013-03-01

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/52403	2014-05-10
http://www.php-fusion.co.uk/news.php?readmore=569	2014-05-10

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				<= 7.02.05 Search vendor "Php-fusion" for product "Php-fusion" and version " <= 7.02.05"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.01 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.01"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.02 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.02"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.03 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.03"		-		Affected
Php-fusion Search vendor "Php-fusion"		Php-fusion Search vendor "Php-fusion" for product "Php-fusion"				7.02.04 Search vendor "Php-fusion" for product "Php-fusion" and version "7.02.04"		-		Affected