Severity
Medium
Analysis Summary
PHP-Fusion is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements to the PHPFusion/Feedback/Comments.ajax.php script using specific parameter, which could allow the attacker to view, add, modify or delete information in the back-end database.
Impact
Data Manipulation
Affected Vendors
PHP-Fusion
Affected Products
PHP-Fusion 9.03.60
Remediation
Refer to vendor’s advisory for the list of affected products and upgraded patches.